openkylin
/
platform_build
mirror of https://gitee.com/openkylin/platform_build.git
9
0
Fork 1
Code Issues Projects Releases Wiki Activity

Added html escape for search queries to fix XSS issue 

b/28135307

Change-Id: Ifd1a0eadbdb726558446af4860986d1af55b77ae
This commit is contained in:
Amanda Kassay 2016-04-14 11:29:32 -04:00
parent 6e90dbff6c
commit 2bb3328965
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/droiddoc/templates-sdk/assets/js/docs.js
View File

@ -2546,7 +2546,7 @@ function search_focus_changed(obj, focused)
} }
function submit_search() { function submit_search() {
var query = document.getElementById('search_autocomplete').value; var query = escapeHTML(document.getElementById('search_autocomplete').value);
location.hash = 'q=' + query; location.hash = 'q=' + query;
searchControl.query = query; searchControl.query = query;
searchControl.init(); searchControl.init();
@ -2617,7 +2617,7 @@ dacsearch.CustomSearchEngine.prototype.bindEvents_ = function() {
this.searchInputEl_.keyup(this.debounce_(function(e) { this.searchInputEl_.keyup(this.debounce_(function(e) {
var code = e.which; var code = e.which;
if (code != 13) { if (code != 13) {
this.query = this.searchInputEl_.val(); this.query = escapeHTML(this.searchInputEl_.val());
location.hash = 'q=' + encodeURI(this.query); location.hash = 'q=' + encodeURI(this.query);
this.searchResultEl_.empty(); this.searchResultEl_.empty();
this.getResults_(); this.getResults_();
@ -2800,7 +2800,7 @@ google.setOnLoadCallback(function(){
return; return;
} else { } else {
// first time loading search results for this page // first time loading search results for this page
searchControl.query = decodeURI(location.hash.split('q=')[1]); searchControl.query = escapeHTML(decodeURI(location.hash.split('q=')[1]));
searchControl.init(); searchControl.init();
searchControl.trackSearchRequest(searchControl.query); searchControl.trackSearchRequest(searchControl.query);
$('#searchResults').slideDown('slow', setStickyTop); $('#searchResults').slideDown('slow', setStickyTop);