git.evergreen-ils.org Git - Evergreen.git/commit
LP1757526 Escape displayed catalogue data
author Dan Scott <dscott@laurentian.ca>
Wed, 21 Mar 2018 21:08:35 +0000 (22:08 +0100)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 28 Mar 2018 13:58:28 +0000 (09:58 -0400)
commit 95d73451efba7de6eb0d820bc781364133ba88f9
tree 7eb2e5b4c679df2bb37d56bc0e9a6bfd2979ede7
parent 6771a9425d6859a09f7d0d1d7fae21f1308b81cf
LP1757526 Escape displayed catalogue data

Content in content fields (5xx) as well as for the names of locations in copy
count alt text was not being properly escaped, allowing for the possibility of
executing arbitrary JavaScript in the case of a malicious catalogue record
(whether edited in the system, or imported).

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/record/contents.tt2
Open-ILS/src/templates/opac/parts/record/copy_counts.tt2
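
The class of bug described in the commit message, as an added example that is not the commit's own change or any Evergreen code: the same Template Toolkit markup rendered without and with TT's built-in `html` filter, once in element content (a note) and once inside an `alt` attribute (a location name). The template text, the variable names `note` and `location`, and the sample values are constructed for illustration.

```perl
#!/usr/bin/env perl
# Added illustration; not code from the Evergreen commit.
use strict;
use warnings;
use Template;

# Constructed sample data standing in for values taken from a catalogue record.
my $vars = {
    note     => 'Summary <script>alert(1)</script>',  # hypothetical 5xx note text
    location => 'Main "Branch" <b>Annex</b>',         # hypothetical location name
};

# Hypothetical templates: identical markup, without and with the html filter.
my %templates = (
    unescaped => <<'TT',
<div class="note">[% note %]</div>
<img src="copies.png" alt="[% location %]" />
TT
    escaped => <<'TT',
<div class="note">[% note | html %]</div>
<img src="copies.png" alt="[% location | html %]" />
TT
);

my $tt = Template->new() or die Template->error();

# Render one of the named templates against the sample record data.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process(\$templates{$name}, $vars, \$out) or die $tt->error();
    return $out;
}

for my $name (qw(unescaped escaped)) {
    my $html = render($name);
    print "--- $name ---\n$html";
    # Defender's check: record data must not yield a live tag in the page,
    # and a quote in the data must not close the alt attribute early.
    my $live = ($html =~ /<script\b|<b>|alt="[^"]*"\w/) ? 'yes' : 'no';
    print "record-supplied markup reaches the page: $live\n";
}
```

The `html` filter encodes `&`, `<`, `>` and `"`, which covers element content and double-quoted attribute values; it is not sufficient for values placed in unquoted attributes, URLs or inline script.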