Bug 19840: And avoid XSS...

author Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Tue, 19 Dec 2017 18:45:53 +0000 (15:45 -0300)

committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Fri, 22 Dec 2017 16:15:36 +0000 (13:15 -0300)
author Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 19 Dec 2017 18:45:53 +0000 (15:45 -0300)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 22 Dec 2017 16:15:36 +0000 (13:15 -0300)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt

index 5fe673c..2d683e7 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt
@@ -77,7 +77,7 @@
         <h1>Patron note</h1>
         <p>[% issue.notedate | $KohaDates %]</p>
         <p><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% itembiblionumber %]"> [% title |html %]</a> [% author %]</p>
-        <p>[% issue.note %]</p>
+        <p>[% issue.note | html %]</p>
     </div>
 [% END %]
author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Tue, 19 Dec 2017 18:45:53 +0000 (15:45 -0300)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Fri, 22 Dec 2017 16:15:36 +0000 (13:15 -0300)