openkylin
/
platform_build
mirror of https://gitee.com/openkylin/platform_build.git
9
0
Fork 1
Code Issues Projects Releases Wiki Activity

Added html escape for search queries to fix XSS issue b/28135307 am: 2bb3328 

am: b32745e

* commit 'b32745ef8d8558cfae01e04c373d54298634ba47':
  Added html escape for search queries to fix XSS issue b/28135307

Change-Id: I81ac6c86286a142ee67848b172ad9ee2aa0bc5b1
This commit is contained in:
Amanda Kassay 2016-04-26 03:52:28 +00:00 committed by android-build-merger
parent 0e7d143722 b32745ef8d
commit 06abbd3140
1 changed files with 3 additions and 3 deletions
tools/droiddoc/templates-sdk/assets/js
docs.js

6
tools/droiddoc/templates-sdk/assets/js/docs.js
View File

@ -2546,7 +2546,7 @@ function search_focus_changed(obj, focused)
}
function submit_search() {
var query = document.getElementById('search_autocomplete').value;
var query = escapeHTML(document.getElementById('search_autocomplete').value);
location.hash = 'q=' + query;
searchControl.query = query;
searchControl.init();
@ -2617,7 +2617,7 @@ dacsearch.CustomSearchEngine.prototype.bindEvents_ = function() {
this.searchInputEl_.keyup(this.debounce_(function(e) {
var code = e.which;
if (code != 13) {
this.query = this.searchInputEl_.val();
this.query = escapeHTML(this.searchInputEl_.val());
location.hash = 'q=' + encodeURI(this.query);
this.searchResultEl_.empty();
this.getResults_();
@ -2800,7 +2800,7 @@ google.setOnLoadCallback(function(){
return;
} else {
// first time loading search results for this page
searchControl.query = decodeURI(location.hash.split('q=')[1]);
searchControl.query = escapeHTML(decodeURI(location.hash.split('q=')[1]));
searchControl.init();
searchControl.trackSearchRequest(searchControl.query);
$('#searchResults').slideDown('slow', setStickyTop);