LP#1902965: change format type in XML transform to avoid XSS in SuperCat

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Jason Boyer <JBoyer@equinoxinitiative.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>

diff --git a/Open-ILS/xsl/MARC21slim2ATOM.xsl b/Open-ILS/xsl/MARC21slim2ATOM.xsl
index 05914d9..0e6e800 100644 (file)
--- a/Open-ILS/xsl/MARC21slim2ATOM.xsl
+++ b/Open-ILS/xsl/MARC21slim2ATOM.xsl
@@ -67,7 +67,7 @@
                        </xsl:for-each>
 
                        <xsl:for-each select="marc:datafield[@tag=260]">
-                               <rights type="html">
+                               <rights>
                                        <xsl:text>&#169; </xsl:text>
                                        <xsl:call-template name="subfieldSelect">
                                                <xsl:with-param name="codes">c</xsl:with-param>