This is normally not a problem, since you probably don't want any malicious html/js in your documents anyway. But imagine a text document (e.g. html tutorial in plain text) which contains some html tags, javascript...
Example:
There are headline tags like <h1> which...
Now getting highlights from such a document is unsafe since you will get this when searching for `tags like`:
There are headline <em>tags like</em><h1> which...
Any chance to make the default SimpleHTMLEncoder or at least provide an option to make it customizable?
Split apart the one-file build system into a modular build layout, using plugins
to control common build logic. Shave off the old plugins that aren't really used.
Clean up the last few problems with urls in poms to use https. Remove the s3
and checksum plugins. Reorganize tasks to make the build more sane. Use
composite gradle builds to create the cross compiled Scala artifacts.
Allow to set `encoder` within the `highlight` element, with possible values of `default` and `html`.

--- Original Request
Hi there,
seems like default encoder is used in ES https://github.com/elasticsearch/elasticsearch/blob/master/modules/elasticsearch/src/main/java/org/elasticsearch/search/highlight/HighlightPhase.java#L56
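What the two `encoder` values mean for the fragment that reaches the browser, as an added example: a simplified JavaScript model of a highlighter, not Elasticsearch or Lucene code. The names `highlight`, `htmlEncode` and `ENCODERS`, the escape set, and the field name `body` are assumptions.

```javascript
// Simplified model of a highlighter, for illustration only.
// NOT Elasticsearch/Lucene code; all function names here are hypothetical.

// Escape the characters that let stored text turn into markup.
// (Assumed escape set; a real encoder may escape more or fewer characters.)
function htmlEncode(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// "default" passes stored text through unchanged; "html" escapes it.
const ENCODERS = { default: (s) => s, html: htmlEncode };

// Wrap each exact occurrence of `phrase` in <em>. Every piece of stored text,
// matched or not, goes through the encoder, so with "html" the only markup
// left in the fragment is the highlighter's own <em> tags.
function highlight(text, phrase, encoder = "default") {
  const encode = ENCODERS[encoder];
  if (!encode) throw new Error(`unknown encoder: ${encoder}`);
  if (!phrase) return encode(text);
  let out = "";
  let pos = 0;
  let hit = text.indexOf(phrase, pos);
  while (hit !== -1) {
    out += encode(text.slice(pos, hit));
    out += "<em>" + encode(phrase) + "</em>";
    pos = hit + phrase.length;
    hit = text.indexOf(phrase, pos);
  }
  return out + encode(text.slice(pos));
}

// Search request using the option described in this issue.
// The field name "body" is constructed for the example.
const searchBody = {
  query: { match_phrase: { body: "tags like" } },
  highlight: { encoder: "html", fields: { body: {} } },
};

// Constructed sample document, taken from the example in the issue.
const doc = "There are headline tags like <h1> which...";

console.log(highlight(doc, "tags like", "default")); // stored <h1> stays live markup
console.log(highlight(doc, "tags like", "html"));    // stored <h1> is escaped
```
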