https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397
--- Comment #15 from David Cook <dc...@prosentient.com.au> --- For our inline scripts (like OpacUserJS and IntranetUserJS), we could use a nonce. We'd need to generate the nonce and pass it to the $template in C4::Auth::get_template_and_user(). Then we could easily place it into whatever inline script we need. It wouldn't prevent XSS where we've made an error in our inline script, but it would prevent a lot of stored and reflected XSS in other contexts. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/