We are using OJS-3.3.0-12 and want to prevent script-type data from entering during registration or public data entry like authors.
Our policy is not to filter content on entry, but to filter it appropriate to its use when it is displayed or exported. If you see a place where data is not correctly escaped on display or export, please report it following our security guidelines: ojs/SECURITY.md at main · pkp/ojs · GitHub
Public Knowledge Project Team
This topic was automatically closed after 10 days. New replies are no longer allowed.