[DS-4453] Fix XSS handling in JSPUI discovery spellcheck

DSpace · May 27, 2022 · ebb83a7 · ebb83a7
1 parent 35030a2
commit ebb83a7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/dspace-jspui/src/main/webapp/search/discovery.jsp b/dspace-jspui/src/main/webapp/search/discovery.jsp
@@ -209,7 +209,7 @@
         <input type="text" size="50" id="query" name="query" value="<%= (query==null ? "" : Utils.addEntities(query)) %>"/>
         <input type="submit" id="main-query-submit" class="btn btn-primary" value="<fmt:message key="jsp.general.go"/>" />
 <% if (StringUtils.isNotBlank(spellCheckQuery)) {%>
-	<p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= spellCheckQuery %></a></fmt:param></fmt:message></p>
+	<p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= Utils.addEntities(spellCheckQuery) %></a></fmt:param></fmt:message></p>
 <% } %>                  
         <input type="hidden" value="<%= rpp %>" name="rpp" />
         <input type="hidden" value="<%= Utils.addEntities(sortedBy) %>" name="sort_by" />