[DS-4453] Fix XSS handling in JSPUI discovery autocomplete
kshepherd committed May 27, 2022
1 parent 7569c63 commit 35030a2
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion dspace-jspui/src/main/webapp/search/discovery.jsp
@@ -147,7 +147,7 @@
tmp_val = item.displayedValue;
}
return {
label: item.displayedValue + " (" + item.count + ")",
label: escapeHtml(item.displayedValue) + " (" + item.count + ")",
value: tmp_val
};
}))
@@ -159,6 +159,11 @@
function validateFilters() {
return document.getElementById("filterquery").value.length > 0;
}
// Generic HTML escape utility
var escapeHtml = s => (s + '').replace(/[&<>"']/g, m => ({
'&': '&amp;', '<': '&lt;', '>': '&gt;',
'"': '&quot;', "'": '&#39;'
})[m]);
</script>
</c:set>
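Review bot: `item.count` is still concatenated into the label unescaped on the changed `label:` line, so the label is only safe if the server always returns a number there; passing it through the same helper, `label: escapeHtml(item.displayedValue) + " (" + escapeHtml(item.count) + ")",`, removes that assumption. `tmp_val` also reaches `value` unescaped, which is fine only if the widget writes it to the input's value and never into markup; the autocomplete callback starts outside the first hunk and the rendering code is not visible, so this should be confirmed. Separately, `escapeHtml` in the second hunk uses arrow functions while the surrounding script uses ES5 `function` syntax, and a browser that cannot parse arrows would reject the whole `<script>` block, including `validateFilters`. A plain function declaration, as below, avoids that and is hoisted above its use in the callback.

```javascript
// Generic HTML escape utility
function escapeHtml(s) {
    var entities = {
        '&': '&amp;', '<': '&lt;', '>': '&gt;',
        '"': '&quot;', "'": '&#39;'
    };
    return String(s).replace(/[&<>"']/g, function (m) {
        return entities[m];
    });
}
```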
