https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39262
Bug ID: 39262
Summary: shotCartUpdate indirectly uses eval()
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
In ./koha-tmpl/opac-tmpl/bootstrap/js/basket.js there is a function
"showCartUpdate" which calls the following line:
setTimeout("hideCart()", 2000);
When you pass a string as the first argument to setTimeout, it performs an
eval(). While I don't think there's any security risk in this, it's suboptimal,
and it will cause problems when we try to use Content-Security-Policy later.
We should just update this to the following:
setTimeout(hideCart, 2000);
--
There's probably other examples of this, but this is the one that jumped out to
me while working on CSP.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
