
[Koha-devel] [Bug 196] New: user input not checked for HTML tags


From: bugzilla-daemon
Subject: [Koha-devel] [Bug 196] New: user input not checked for HTML tags
Date: Mon Feb 3 19:57:04 2003

http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=196

           Summary: user input not checked for HTML tags
           Product: Koha
           Version: CVS
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: OPAC
        AssignedTo: address@hidden
        ReportedBy: address@hidden
         QAContact: address@hidden


(Note: Component really should be All, but there is no All for Component )-:

A user can search for <HR>, and Koha will happily display the horizontal rule.
If the user enters something nasty like <SCRIPT>, bad things may happen.

(Entity names, on the other hand, may need to be handled; e.g., if the OPAC
uses iso-8859-1 but the library contains some Chinese books, the user might
enter some Chinese, which will get turned into numerical character entities by
the time the CGI gets the input.)

This should probably be considered a security bug.



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
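
One way to address both points in the report, shown as an added example that is not part of the original message or of Koha's code: escape markup characters in user input before it is echoed into a page, while passing through well-formed numeric character references so that non-Latin search terms submitted as `&#NNNN;` still display. The helper names `escape_user_html` and `allowed_codepoint` are hypothetical, and the sample search terms are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters that must not reach the page unescaped.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

# Accept only code points that are safe to emit as a character reference:
# no NUL, no control characters other than tab/LF/CR, no surrogates,
# nothing past U+10FFFF.
sub allowed_codepoint {
    my ($cp) = @_;
    return 0 if $cp > 0x10FFFF;
    return 0 if $cp >= 0xD800 && $cp <= 0xDFFF;
    return 0 if $cp >= 0x7F && $cp <= 0x9F;
    return 1 if $cp == 0x09 || $cp == 0x0A || $cp == 0x0D;
    return $cp >= 0x20 ? 1 : 0;
}

# escape_user_html is a hypothetical helper, not a Koha function.
# It escapes a user-supplied value for HTML text or a quoted attribute value,
# and passes through well-formed numeric character references so that
# text the browser submitted as &#NNNN; still displays correctly.
# A malformed or disallowed reference has its leading '&' escaped instead.
sub escape_user_html {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s{(&\#(?:([0-9]{1,7})|[xX]([0-9A-Fa-f]{1,6}));)|([&<>"'])}{
        defined($4)                                   ? $ENTITY{$4}
      : allowed_codepoint(defined($2) ? $2 : hex($3)) ? $1
      :                                                 '&amp;' . substr($1, 1)
    }gex;
    return $text;
}

# Constructed sample search terms, one per case discussed in the report.
for my $term ('<HR>', '<SCRIPT>', '&#20013;&#25991;', 'AT&T', '&#0;') {
    printf "%-20s => %s\n", $term, escape_user_html($term);
}
```

The escaping belongs at output time, in every template that echoes the search term, and it covers HTML text and quoted attribute values only; values placed in URLs or inside script blocks need their own encoding.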


