mirror of
https://github.com/McShelby/hugo-theme-relearn.git
synced 2024-11-23 07:47:54 +00:00
fix potential XSS in search (#492)
mostly it looks like a self-XSS but still good to fix
parent
d7a4481ff2
commit
d198cbe65f
1 changed files with 12 additions and 9 deletions
|
@ -75,15 +75,18 @@ $( document ).ready(function() {
|
|||
"(?:\\s?(?:[\\w]+)\\s?){0,"+numContextWords+"}" +
|
||||
term+"(?:\\s?(?:[\\w]+)\\s?){0,"+numContextWords+"}");
|
||||
item.context = text;
|
||||
return '<div class="autocomplete-suggestion" ' +
|
||||
'data-term="' + term + '" ' +
|
||||
'data-title="' + item.title + '" ' +
|
||||
'data-uri="'+ item.uri + '" ' +
|
||||
'data-context="' + item.context + '">' +
|
||||
'» ' + item.title +
|
||||
'<div class="context">' +
|
||||
(item.context || '') +'</div>' +
|
||||
'</div>';
|
||||
var divcontext = document.createElement("div");
|
||||
divcontext.className = "context";
|
||||
divcontext.innerText = (item.context || '');
|
||||
var divsuggestion = document.createElement("div");
|
||||
divsuggestion.className = "autocomplete-suggestion";
|
||||
divsuggestion.setAttribute("data-term", term);
|
||||
divsuggestion.setAttribute("data-title", item.title);
|
||||
divsuggestion.setAttribute("data-uri", item.uri);
|
||||
divsuggestion.setAttribute("data-context", item.context);
|
||||
divsuggestion.innerText = '» ' + item.title;
|
||||
divsuggestion.appendChild(divcontext);
|
||||
return divsuggestion.outerHTML;
|
||||
},
|
||||
/* onSelect callback fires when a search suggestion is chosen */
|
||||
onSelect: function(e, term, item) {
|
||||
|
|
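Review bot: Both text assignments in the new renderer use `innerText`, whose setter turns line breaks in the value into `<br>` elements; `textContent` inserts the string as a single text node and is the plainer fit here, e.g. `divcontext.textContent = item.context || '';` and `divsuggestion.textContent = '» ' + item.title;`. The title assignment has to stay ahead of `appendChild(divcontext)` because it replaces every existing child, so a comment like `// set the title first: assigning text replaces all children` would protect against a later reorder. `setAttribute("data-context", item.context)` omits the `|| ''` fallback used for the visible text, so an empty context would be serialized as the string "null" or "undefined". In the unchanged lines above, `term` still goes into the regular-expression source unescaped, which this commit does not touch. The enclosing callback starts outside the hunk.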