CODEBASE-302: The MARC view ("Librarian View") passes exact text found in the MARC record without escaping for HTML; if the MARC values include angle-brackets, they will be rendered as literals, which is inappropriate.
(Theoretically, this could be a security problem leaving things open to a kind of 'injection attack', if an attacker were able to get his stuff into a MARC record that was then indexed! That doesn't seem like such a realistic/feasible attack, but still should be fixed.)
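As an added illustration (not code from the issue or from the project it refers to), a small Python renderer for one MARC field in the style of a Librarian View table row, showing the unescaped output the issue describes next to the escaped fix. The field structure and sample values are constructed for the example.

```python
import html

# Constructed sample MARC field (tag, indicators, subfields) as a
# "Librarian View" renderer would receive it. Both subfield values
# carry angle brackets, which is the case the issue describes.
SAMPLE_FIELD = {
    "tag": "245",
    "ind1": "1",
    "ind2": "0",
    "subfields": [
        ("a", "Title with <angle> brackets :"),
        ("b", "<em>subtitle</em>"),
    ],
}


def render_field_unescaped(field):
    """Vulnerable form: record text is interpolated straight into the HTML,
    so any angle brackets in the record reach the browser as markup."""
    cells = " ".join(f"<b>${code}</b> {value}" for code, value in field["subfields"])
    return (f"<tr><td>{field['tag']}</td>"
            f"<td>{field['ind1']}{field['ind2']}</td>"
            f"<td>{cells}</td></tr>")


def render_field_escaped(field):
    """Fixed form: every value taken from the record passes through
    html.escape before it is placed in the page, so brackets show as text."""
    cells = " ".join(
        f"<b>${html.escape(code)}</b> {html.escape(value)}"
        for code, value in field["subfields"]
    )
    return (f"<tr><td>{html.escape(field['tag'])}</td>"
            f"<td>{html.escape(field['ind1'] + field['ind2'])}</td>"
            f"<td>{cells}</td></tr>")


def record_text_leaks_markup(rendered, field):
    """Check used to confirm the fix: True if any record value containing
    '<' or '>' appears verbatim (unescaped) in the rendered HTML."""
    return any(("<" in v or ">" in v) and v in rendered
               for _, v in field["subfields"])


if __name__ == "__main__":
    print(render_field_unescaped(SAMPLE_FIELD))
    print(render_field_escaped(SAMPLE_FIELD))
```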