Viewing all changes in revision 24157.
- Committer: Jeff Davis
- Date: 2021-06-15 21:48:15 UTC
- Revision ID: git-v1:18afce58fcb7c20324a8b3c725ccab35aa35aab8
LP#1930933: fix issue with over-escaping in search results title attributes
This patch fixes an issue where a record with a title containing the
word "hidden" can have its title, ironically enough, not show up
on public catalog search results.
To test
-------
[1] Create an OPAC-visible record whose 245 is something like:
=245 04$aThe hidden one <script>alert('title!')</script>
[2] Search for the record in both the TPAC and Bootstrap skin. Note
that the title isn't displayed.
[3] Apply the patch and repeat step 2. This time, the full title
should be displayed.
[4] Verify that the OPAC does not display an alert box.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Conflicts:
Open-ILS/src/templates-bootstrap/opac/parts/result/table.tt2
This patch fixes an issue where a record with a title containing the
word "hidden" can have its title, ironically enough, not show up
on public catalog search results.
To test
-------
[1] Create an OPAC-visible record whose 245 is something like:
=245 04$aThe hidden one <script>alert('title!')</script>
[2] Search for the record in both the TPAC and Bootstrap skin. Note
that the title isn't displayed.
[3] Apply the patch and repeat step 2. This time, the full title
should be displayed.
[4] Verify that the OPAC does not display an alert box.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Conflicts:
Open-ILS/src/templates-bootstrap/opac/parts/result/table.tt2
- files modified:
- Open-ILS/src/templates/opac/parts/result/table.tt2
expand all
collapse all
added
removed
