Skip to content
Permalink
Browse files Browse the repository at this point in the history
[DS-4453] Discovery autocomplete HTML escaping (JSPUI)
  • Loading branch information
kshepherd committed Jul 26, 2022
1 parent d1dd7d2 commit 6f75bb0
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions dspace-jspui/src/main/webapp/search/discovery.jsp
Expand Up @@ -141,7 +141,7 @@
tmp_val = item.displayedValue;
}
return {
label: item.displayedValue + " (" + item.count + ")",
label: escapeHtml(item.displayedValue) + " (" + item.count + ")",
value: tmp_val
};
}))
Expand All @@ -153,7 +153,12 @@
function validateFilters() {
return document.getElementById("filterquery").value.length > 0;
}
</script>
// Generic HTML escape utility
var escapeHtml = s => (s + '').replace(/[&<>"']/g, m => ({
'&': '&amp;', '<': '&lt;', '>': '&gt;',
'"': '&quot;', "'": '&#39;'
})[m]);
</script>
</c:set>

<dspace:layout titlekey="jsp.search.title">
Expand Down

0 comments on commit 6f75bb0

Please sign in to comment.