git.evergreen-ils.org Git - contrib/Conifer.git/commit
LP1757526 Escape displayed catalogue data
author Dan Scott <dscott@laurentian.ca>
Wed, 21 Mar 2018 21:08:35 +0000 (22:08 +0100)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 28 Mar 2018 14:34:52 +0000 (10:34 -0400)
commit ccd704417339d92fb1fe801120c0623968c699f3
tree e5d1980948aec411480b8b7104b278e5aab1cd39
parent d02cedd462ccb0da4efca9428fefdbd4665c3080
LP1757526 Escape displayed catalogue data

Content in content fields (5xx) as well as for the names of locations in copy
count alt text was not being properly escaped, allowing for the possibility of
executing arbitrary JavaScript in the case of a malicious catalogue record
(whether edited in the system, or imported)

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/record/contents.tt2
Open-ILS/src/templates/opac/parts/record/copy_counts.tt2
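
The class of bug the commit message describes, shown as an added example: this is not the Evergreen templates or the patch itself, whose diff does not appear on this page. The Perl script below renders constructed record data through Template Toolkit, first unfiltered and then through TT's built-in `html` filter; the variable names, markup and sample values are hypothetical.

```perl
#!/usr/bin/env perl
# Added example, not Evergreen code. Requires the Template Toolkit module.
use strict;
use warnings;
use Template;

# Constructed values standing in for a 5xx note and a location name
# (hypothetical variable names, not the ones used in the real templates).
my %vars = (
    note     => 'Summary <script>alert(1)</script> & more',
    location => 'Main" onmouseover="alert(1)',
    count    => 3,
);

# Before: record data interpolated raw into element and attribute context.
my $unescaped = <<'TT';
<div class="content">[% note %]</div>
<span title="[% count %] copies at [% location %]">[% count %]</span>
TT

# After: the html filter encodes & < > and " before the value is emitted.
my $escaped = <<'TT';
<div class="content">[% note | html %]</div>
<span title="[% count %] copies at [% location | html %]">[% count %]</span>
TT

my $tt = Template->new() or die Template->error();

# Render a template string against the constructed record data.
sub render {
    my ($src) = @_;
    my $out = '';
    $tt->process(\$src, \%vars, \$out) or die $tt->error();
    return $out;
}

my $before = render($unescaped);
my $after  = render($escaped);
print "--- unescaped ---\n$before--- escaped ---\n$after";

# Regression checks: markup passes through raw, but not through the filter.
die "expected raw script tag in unescaped output\n" unless $before =~ /<script>/;
die "script tag survived html filter\n"             if $after =~ /<script>/;
die "attribute breakout survived html filter\n"     if $after =~ /" onmouseover=/;
```

The same three checks can be kept as a template regression test so that a newly added field rendered without the filter is caught before release.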