fix xss in the search page
Thanks to Kamil Vavra for responsibly disclosing the vulnerability according to Rust's Security Policy.
This commit is contained in:
parent
eaa6914205
commit
648c9ae772
@ -145,6 +145,11 @@ window.search = window.search || {};
url.push("");
url.push("");
}
}
// encodeURIComponent escapes all chars that could allow an XSS except
// for '. Due to that we also manually replace ' with its url-encoded
// representation (%27).
var searchterms = encodeURIComponent(searchterms.join(" ")).replace(/\'/g, "%27");
return '<a href="' + path_to_root + url[0] + '?' + URL_MARK_PARAM + '=' + searchterms + '#' + url[1]
return '<a href="' + path_to_root + url[0] + '?' + URL_MARK_PARAM + '=' + searchterms + '#' + url[1]
+ '" aria-details="teaser_' + teaser_count + '">' + result.doc.breadcrumbs + '</a>'
+ '" aria-details="teaser_' + teaser_count + '">' + result.doc.breadcrumbs + '</a>'
+ '<span class="teaser" id="teaser_' + teaser_count + '" aria-label="Search Result Teaser">'
+ '<span class="teaser" id="teaser_' + teaser_count + '" aria-label="Search Result Teaser">'
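Review bot: The added `var searchterms = encodeURIComponent(searchterms.join(" "))...` redeclares the enclosing function's `searchterms` (an array, judging by the `.join(" ")`) as a string under the same name, which `var` permits but which silently changes the binding's type mid-function and invites a later change to pass the encoded string where the array is expected; a distinct name avoids that: `var encodedTerms = encodeURIComponent(searchterms.join(" ")).replace(/'/g, "%27");` and in the returned href `'=' + encodedTerms + '#'`. The `\'` inside the regex literal is an unneeded escape; `/'/g` reads cleaner. The comment's claim that encodeURIComponent covers every XSS-relevant character is true for the double-quoted href attribute this value lands in (`"`, `<`, `>`, `&`, `?` and `#` are all percent-encoded), so the `'` replacement is defense in depth for a single-quoted attribute context, and the comment would be clearer saying exactly that. `result.doc.breadcrumbs`, `url[0]` and `url[1]` on the following lines are still concatenated into the markup unescaped, so the fix rests on the search index (presumably generated from the book's own content) being trusted, which deserves a one-line comment if that is the intended threat model. The enclosing function begins before this hunk, so where `searchterms` originates and where the returned string is inserted are not visible here.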