p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added html escape for search queries to fix XSS issue b/28135307 

am: 2bb3328

* commit '2bb332896563f6850698c93041a399a86db8f50b':
  Added html escape for search queries to fix XSS issue b/28135307

Change-Id: If6ff5f1750c823cd9d8e1b92a667360e0f341629
This commit is contained in:
Amanda Kassay 2016-04-14 18:35:28 +00:00 committed by android-build-merger
parent 77ed554f6f 2bb3328965
commit b32745ef8d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/droiddoc/templates-sdk/assets/js/docs.js
View File

@ -2546,7 +2546,7 @@ function search_focus_changed(obj, focused)
} }
function submit_search() { function submit_search() {
var query = document.getElementById('search_autocomplete').value; var query = escapeHTML(document.getElementById('search_autocomplete').value);
location.hash = 'q=' + query; location.hash = 'q=' + query;
searchControl.query = query; searchControl.query = query;
searchControl.init(); searchControl.init();
@ -2617,7 +2617,7 @@ dacsearch.CustomSearchEngine.prototype.bindEvents_ = function() {
this.searchInputEl_.keyup(this.debounce_(function(e) { this.searchInputEl_.keyup(this.debounce_(function(e) {
var code = e.which; var code = e.which;
if (code != 13) { if (code != 13) {
this.query = this.searchInputEl_.val(); this.query = escapeHTML(this.searchInputEl_.val());
location.hash = 'q=' + encodeURI(this.query); location.hash = 'q=' + encodeURI(this.query);
this.searchResultEl_.empty(); this.searchResultEl_.empty();
this.getResults_(); this.getResults_();
@ -2800,7 +2800,7 @@ google.setOnLoadCallback(function(){
return; return;
} else { } else {
// first time loading search results for this page // first time loading search results for this page
searchControl.query = decodeURI(location.hash.split('q=')[1]); searchControl.query = escapeHTML(decodeURI(location.hash.split('q=')[1]));
searchControl.init(); searchControl.init();
searchControl.trackSearchRequest(searchControl.query); searchControl.trackSearchRequest(searchControl.query);
$('#searchResults').slideDown('slow', setStickyTop); $('#searchResults').slideDown('slow', setStickyTop);