dan/api_docs
1
0
Fork 0
mirror of https://github.com/danbulant/api_docs synced 2026-06-09 17:41:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed XSS vuln in searchbox

Browse source
This commit is contained in:
Kevin Adams 2014-10-08 16:38:46 -07:00
parent 9c7ea33305
commit b40b3b47ed
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
source/javascripts/app/search.js
View file

@ -53,7 +53,7 @@
}); });
highlight.call(this); highlight.call(this);
} else { } else {
searchResults.html('<li>No Results Found for "' + this.value + '"</li>'); searchResults.html('<li>No Results Found for "' + this.value.escapeHTML() + '"</li>');
} }
} else { } else {
unhighlight(); unhighlight();
@ -69,4 +69,19 @@
content.unhighlight(highlightOpts); content.unhighlight(highlightOpts);
} }
var __entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};
String.prototype.escapeHTML = function() {
return String(this).replace(/[&<>"'\/]/g, function (s) {
return __entityMap[s];
});
}
})(window); })(window);