https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39860
David Cook <dc...@prosentient.com.au> changed:

    What    | Removed       | Added
    --------+---------------+----------
    Status  | Needs Signoff | Failed QA

--- Comment #32 from David Cook <dc...@prosentient.com.au> ---

Sorry but I'm going to fail this one again.

I think 3/4 of my original issues from Comment 10 have been resolved, which is awesome.

But I notice we're still using the "staff" profile for the HTML scrubber, and that's not going to prevent XSS, because it allows everything.

In fact... I don't know why that profile was ever created. It looks like it goes back to the original creation of C4::Scrubber at f8fecb78634.

Looking at existing use of the C4::Scrubber... we're using the profiles "note", "comment", and "default".

I think we should actually remove the "staff" profile. I'll add a new bug for that...

--
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
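The point of the comment above is that an HTML scrubber profile which allows every tag and attribute gives no XSS protection at all; only an allow-list profile does. The following is an added illustration, not Koha code (C4::Scrubber is Perl and its real profile definitions are not reproduced here): a small Python allow-list scrubber with two constructed profiles, `allow_all` standing in for a profile that lets everything through and `note` standing in for a restrictive one, run over a constructed payload so the difference is visible.

```python
from html import escape
from html.parser import HTMLParser

# Constructed profiles for this illustration (not C4::Scrubber's actual ones).
# A profile maps allowed tag -> set of allowed attributes for that tag.
# None means "no filtering at all", the behaviour the comment warns about.
PROFILES = {
    "allow_all": None,
    "note": {
        "p": set(), "br": set(), "b": set(), "i": set(),
        "em": set(), "strong": set(), "a": {"href"},
    },
}

# Only these URL schemes survive in href; anything else (javascript:, data:) is dropped.
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


class AllowListScrubber(HTMLParser):
    """Re-serialises input HTML, keeping only tags/attributes in the profile."""

    def __init__(self, profile):
        super().__init__(convert_charrefs=True)
        self.profile = profile
        self.allow_all = profile is None
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style>: drop their text too

    def handle_starttag(self, tag, attrs):
        if self.allow_all:
            self.out.append(self.get_starttag_text())  # pass through verbatim
            return
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        allowed_attrs = self.profile.get(tag)
        if allowed_attrs is None:
            return  # tag not allow-listed: drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            if name not in allowed_attrs or value is None:
                continue  # on* handlers and anything else not listed are dropped
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.allow_all:
            self.out.append(f"</{tag}>")
            return
        if tag in ("script", "style") and self.skip_depth:
            self.skip_depth -= 1
            return
        if self.skip_depth or tag not in self.profile:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth:
            return
        self.out.append(escape(data, quote=False))  # text is always re-escaped


def scrub(html, profile_name):
    """Scrub `html` with the named profile and return the cleaned markup."""
    parser = AllowListScrubber(PROFILES[profile_name])
    parser.feed(html)
    parser.close()  # flush any buffered text
    return "".join(parser.out)


# Constructed sample input carrying the usual XSS vectors.
PAYLOAD = (
    '<p onclick="steal()">Hi <b>there</b>'
    '<img src=x onerror="alert(1)">'
    '<script>alert(1)</script>'
    '<a href="javascript:alert(1)">x</a></p>'
)

if __name__ == "__main__":
    print("allow_all:", scrub(PAYLOAD, "allow_all"))
    print("note:     ", scrub(PAYLOAD, "note"))
```

With the `allow_all` profile the payload comes back byte-for-byte unchanged, handlers and script included, which is exactly why such a profile is not a mitigation. The `note` profile keeps the formatting tags, strips `onclick`, `<img onerror>`, the script element together with its body, and the `javascript:` link target, while leaving the visible text intact.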