fix potential XSS in search (#492)

Mostly it looks like a self-XSS, but it is still worth fixing.
Sandro Gauci 2021-04-01 01:48:33 +02:00 committed by GitHub
parent d7a4481ff2
commit d198cbe65f


@ -75,15 +75,18 @@ $( document ).ready(function() {
"(?:\\s?(?:[\\w]+)\\s?){0,"+numContextWords+"}" +
term+"(?:\\s?(?:[\\w]+)\\s?){0,"+numContextWords+"}");
item.context = text;
return '<div class="autocomplete-suggestion" ' +
'data-term="' + term + '" ' +
'data-title="' + item.title + '" ' +
'data-uri="'+ item.uri + '" ' +
'data-context="' + item.context + '">' +
'» ' + item.title +
'<div class="context">' +
(item.context || '') +'</div>' +
'</div>';
var divcontext = document.createElement("div");
divcontext.className = "context";
divcontext.innerText = (item.context || '');
var divsuggestion = document.createElement("div");
divsuggestion.className = "autocomplete-suggestion";
divsuggestion.setAttribute("data-term", term);
divsuggestion.setAttribute("data-title", item.title);
divsuggestion.setAttribute("data-uri", item.uri);
divsuggestion.setAttribute("data-context", item.context);
divsuggestion.innerText = '» ' + item.title;
divsuggestion.appendChild(divcontext);
return divsuggestion.outerHTML;
},
/* onSelect callback fires when a search suggestion is chosen */
onSelect: function(e, term, item) {
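Review bot: The two `innerText` assignments in the new code (`divcontext.innerText` and `divsuggestion.innerText`) should be `textContent`: the `innerText` setter turns newline characters into `<br>` elements, so a title or context containing `\n` would be serialised by `outerHTML` with markup the old string-building code never emitted, whereas `textContent` is the exact plain-text equivalent with no layout dependency — `divcontext.textContent = (item.context || '');` and `divsuggestion.textContent = '» ' + item.title;`. The fix itself is sound, since `outerHTML` serialisation escapes `"`, `&`, `<` and `>` in attribute values and text nodes, so `term`, `item.title`, `item.uri` and `item.context` can no longer break out of the suggestion markup; note though that `setAttribute("data-context", item.context)` writes the literal string `undefined` when the context is missing, unlike the guarded `(item.context || '')` two lines above, so `item.context || ''` would be consistent there too. One thing the commit does not address is that the unchanged context at the top of the hunk still concatenates the raw `term` into what appears to be a regular-expression source, so a term containing `(` or `[` would presumably throw a SyntaxError and a crafted term could make the nested-quantifier pattern slow to match; escaping regex metacharacters in `term` before building the pattern would close that, but that statement starts above the hunk. The `onSelect` handler that consumes the `data-uri` value begins on the last line of the hunk and its body is outside the view.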