docs: fix XSS vulnerability in search

Add a function that uses replace() to convert every
instance of '<' and '>' into its HTML entity, and use
this wherever the query text is inserted into the page.
diff --git a/docs/html/search.jd b/docs/html/search.jd
index 8032b22..d0e7478 100644
--- a/docs/html/search.jd
+++ b/docs/html/search.jd
@@ -70,8 +70,8 @@
         searchControl.setSearchStartingCallback(this, function(control, searcher, query) {
             // save the tab index from the hash
             tabIndex = location.hash.split("&t=")[1];
-        
-            $("#searchTitle").html("search results for <em>" + query + "</em>");
+
+            $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");
             $.history.add('q=' + query + '&t=' + tabIndex);
             openTab();
         });
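Review bot: escapeHTML on the new line at 17 neutralises only `<` and `>`, so a query containing `&` still reaches `.html()` unescaped and is decoded as an entity in the rendered title, which misrepresents what the user typed. Since the query is meant to be displayed as text, building the title from DOM nodes avoids string-assembled markup altogether: `$("#searchTitle").text("search results for ").append($("<em>").text(query));`. The same applies to the second hunk at line 27. The function that registers this callback begins outside the hunk.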
@@ -96,7 +96,8 @@
       $(window).history(function(e, hash) {
         var query = decodeURI(getQuery(hash));
         searchControl.execute(query);
-        $("#searchTitle").html("search results for <em>" + query + "</em>");
+
+        $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");
       });
 
       // forcefully regain key-up event control (previously jacked by search api)
@@ -131,6 +132,13 @@
         return queryParts[1];
       }
 
+      /* returns the given string with all HTML brackets converted to entities
+         TODO: move this to the site's JS library */
+      function escapeHTML(string) {
+        return string.replace(/</g,"&lt;")
+                     .replace(/>/g,"&gt;");
+      }
+
 </script>

 

   <div id="mainBodyFixed" style="width:auto; margin:20px">
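Review bot: escapeHTML as added at lines 37-40 does not escape `&`, `"` or `'`, so despite its general name and comment it is only safe for text content between tags, not for attribute values, and `&` in the input is still interpreted as an entity by `.html()`. Escaping `&` first and covering quotes makes the helper match what its name promises, and the comment should state the contract, e.g. `/* returns the given string with &, <, >, " and ' converted to HTML entities (safe for text and attribute contexts) */`. The enclosing `<script>` block starts outside the hunk.
```javascript
      /* returns the given string with &, <, >, " and ' converted to HTML
         entities, safe for both text and attribute contexts
         TODO: move this to the site's JS library */
      function escapeHTML(string) {
        return string.replace(/&/g, "&amp;")   // must come first
                     .replace(/</g, "&lt;")
                     .replace(/>/g, "&gt;")
                     .replace(/"/g, "&quot;")
                     .replace(/'/g, "&#39;");
      }
```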