[Koha-devel] [Bug 196] New: user input not checked for HTML tags
From: bugzilla-daemon
Subject: [Koha-devel] [Bug 196] New: user input not checked for HTML tags
Date: Mon Feb 3 19:57:04 2003
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=196
Summary: user input not checked for HTML tags
Product: Koha
Version: CVS
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: OPAC
AssignedTo: address@hidden
ReportedBy: address@hidden
QAContact: address@hidden
(Note: Component really should be All, but there is no All for Component )-:
A user can search for <HR>, and Koha will happily display the horizontal rule.
If the user enters something nasty like <SCRIPT>, bad things may happen.
(Entity names, on the other hand, may need to be handled; e.g., if the OPAC
uses iso-8859-1 but the library contains some Chinese books, the user might
enter some Chinese, which will get turned into numerical character entities by
the time the CGI gets the input.)
This should probably be considered a security bug.
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
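
One way to handle both points raised in the report, as an added example that is not part of the original message or Koha's own code: escape markup characters in a search term before it is echoed into the page, while leaving browser-generated numeric character references intact. The function name `escape_for_html` and the sample terms are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not Koha code): escape a search term before echoing it
# into a results page, keeping numeric character references intact.
use strict;
use warnings;

my %ESCAPE = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# Hypothetical helper name. The result is meant for HTML element content
# or a quoted attribute value, not for URL or script contexts.
sub escape_for_html {
    my ($input) = @_;
    return '' unless defined $input;

    # Escape every markup-significant character. An "&" is left alone only
    # when it starts a well-formed numeric character reference such as
    # &#20013; or &#x4E2D;, which is what a browser submits for characters
    # the form's charset (e.g. iso-8859-1) cannot represent.
    $input =~ s/(&(?!#(?:[0-9]{1,7}|[xX][0-9A-Fa-f]{1,6});)|[<>"'])/$ESCAPE{$1}/g;
    return $input;
}

# Constructed sample search terms, including the two from the report.
my @samples = (
    '<HR>',
    '<SCRIPT>',
    '&#20013;&#25991; books',      # numeric references are preserved
    'cats & dogs',                 # a bare ampersand is escaped
    '&#bogus; "quoted" title',     # malformed reference is escaped
);

for my $term (@samples) {
    printf "%-26s => %s\n", $term, escape_for_html($term);
}
```

A preserved reference such as `&#60;` still renders as literal text rather than markup, so keeping numeric references does not reopen the tag-injection problem in these two contexts.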