[Bug 13618] Prevent XSS in the Staff Client and the OPAC


bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618

--- Comment #250 from Marcel de Rooy ---
Lesson pasted from bug 21293:

All occurrences of [% var = something | html %] are error prone. If something
is not a string, but an object, array, hash etc., we are in trouble.
This probably needs more attention since we are passing objects to templates in
more scripts.

Koha-bugs mailing list
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs