p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added html escape for search queries to fix XSS issue b/28135307 am: 2bb3328 am: b32745e 

am: 06abbd3

* commit '06abbd3140f04dc5a08b57ca40c15628ae308ec3':
  Added html escape for search queries to fix XSS issue b/28135307

Change-Id: I6a594b9cf4bd07b498033521c532db726edad69c
This commit is contained in:
Amanda Kassay 2016-04-26 17:01:43 +00:00 committed by android-build-merger
parent 089e4bbcf5 06abbd3140
commit 2f57a4a25e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/droiddoc/templates-sdk/assets/js/docs.js
View File

@ -2546,7 +2546,7 @@ function search_focus_changed(obj, focused)
}
function submit_search() {
var query = document.getElementById('search_autocomplete').value;
var query = escapeHTML(document.getElementById('search_autocomplete').value);
location.hash = 'q=' + query;
searchControl.query = query;
searchControl.init();
@ -2617,7 +2617,7 @@ dacsearch.CustomSearchEngine.prototype.bindEvents_ = function() {
this.searchInputEl_.keyup(this.debounce_(function(e) {
var code = e.which;
if (code != 13) {
this.query = this.searchInputEl_.val();
this.query = escapeHTML(this.searchInputEl_.val());
location.hash = 'q=' + encodeURI(this.query);
this.searchResultEl_.empty();
this.getResults_();
@ -2800,7 +2800,7 @@ google.setOnLoadCallback(function(){
return;
} else {
// first time loading search results for this page
searchControl.query = decodeURI(location.hash.split('q=')[1]);
searchControl.query = escapeHTML(decodeURI(location.hash.split('q=')[1]));
searchControl.init();
searchControl.trackSearchRequest(searchControl.query);
$('#searchResults').slideDown('slow', setStickyTop);