Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3534dadd authored by Scott Main's avatar Scott Main
Browse files

docs: fix XSS vulnerability in search 

add a function that uses replace() to replace all
instances of '<' and '>' with the HTML entities and use
this wherever the query text is added onto the page.
parent d14f1bd7

docs/html/search.jd

+11 −3
Original line number Diff line number Diff line
@@ -71,7 +71,7 @@ page.title=Search Results 
            // save the tab index from the hash

            tabIndex = location.hash.split("&t=")[1];



            $("#searchTitle").html("search results for <em>" + query + "</em>");

            $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");

            $.history.add('q=' + query + '&t=' + tabIndex);

            openTab();

        });
@@ -96,7 +96,8 @@ page.title=Search Results 
      $(window).history(function(e, hash) {

        var query = decodeURI(getQuery(hash));

        searchControl.execute(query);

        $("#searchTitle").html("search results for <em>" + query + "</em>");



        $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");

      });



      // forcefully regain key-up event control (previously jacked by search api)
@@ -131,6 +132,13 @@ page.title=Search Results 
        return queryParts[1];

      }



      /* returns the given string with all HTML brackets converted to entities

         TODO: move this to the site's JS library */

      function escapeHTML(string) {

        return string.replace(/</g,"&lt;")

                     .replace(/>/g,"&gt;");

      }



</script>



  <div id="mainBodyFixed" style="width:auto; margin:20px">