https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37656
Bug ID: 37656
Summary: Advanced editor needs to HTML-escape Z39.50 search results
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P3
Component: Cataloging
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Noticed because for some reason OCLC records cataloged in German for English
works have a leading article in the title surrounded by << >>, which in the
advanced editor's Z39.50 search results appear as "< > Title" for a record with
"<<The>> Title" and for <<A>> Title the word Title appears as a link.
Steps to reproduce:
1. Set EnableAdvancedCatalogingEditor to Enable
2. Edit any bib record, paste <script>alert('boo ❤')</script> at the end of
245‡a and save
3. Below the search fields in the left sidebar, click Advanced »
4. Check the checkbox for Local catalog, uncheck any others that are checked,
and search for anything that will return the record you altered.
5. Get an alert() from Z39.50 search results.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
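
The behaviour reported above, shown as an added example that is not part of the bug report and is not Koha's code: a result row built by string concatenation beside the same row with record data escaped at output, plus a check that lists any elements the data introduced. The function names, the row markup and the sample hits are assumptions made for illustration.

```javascript
// Added example; function names and markup are hypothetical, not Koha's code.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Unescaped: record data is concatenated straight into the markup.
function renderRowUnsafe(hit) {
  return '<tr><td class="title">' + hit.title + '</td><td>' + hit.server + '</td></tr>';
}

// Hardened: every record-derived value is escaped at the point of output.
function renderRowSafe(hit) {
  return '<tr><td class="title">' + escapeHtml(hit.title) +
         '</td><td>' + escapeHtml(hit.server) + '</td></tr>';
}

// Regression check: element names in the rendered row that the template
// itself (tr, td) does not produce, i.e. markup that came from the data.
function unexpectedTags(html) {
  const templateTags = new Set(['tr', 'td']);
  const found = new Set();
  for (const match of html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)) {
    const name = match[1].toLowerCase();
    if (!templateTags.has(name)) found.add(name);
  }
  return [...found];
}

// Constructed sample hits using the titles quoted in the report.
const sampleHits = [
  { title: '<<The>> Title', server: 'Local catalog' },
  { title: '<<A>> Title', server: 'Local catalog' },
  { title: "Title <script>alert('boo ❤')</script>", server: 'Local catalog' },
];

for (const hit of sampleHits) {
  console.log(JSON.stringify(hit.title),
    'unescaped:', unexpectedTags(renderRowUnsafe(hit)),
    'escaped:', unexpectedTags(renderRowSafe(hit)));
}
```

With the unescaped row, "<<A>> Title" yields an `a` element, which is why the word Title shows up as a link in the results.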