
Commit 4a07f94

committed
BUG / SECURITY: module_search | portal-js -> fixed a possible XSS injection, the search param is now included htmlencoded and no longer as plaintext
1 parent fe6825b commit 4a07f94


2 files changed

+4
-4
lines changed


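--- a/module_search/templates/default/tpl/module_search/search_ajax.tpl
+++ b/module_search/templates/default/tpl/module_search/search_ajax.tpl
@@ -36,8 +36,8 @@
 
 $.post(post_target, post_data, function(data, textStatus) {
 $('#searchResult').html("<ul></ul>");
-$("#spanSearchterm").html($(data).find("searchterm").text());
-$("#spanSearchamount").html($(data).find("nrofresults").text());
+$("#spanSearchterm").html($(data).find("searchterm").html());
+$("#spanSearchamount").html($(data).find("nrofresults").html());
 $('#resultSetHeader').css("display", "block");
 
 $(data).find("item").each(function() {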
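Review bot: The sink on new lines 39–40 is still `.html()`, so the page is only safe while the server keeps the `searchterm` and `nrofresults` nodes entity-encoded and `.html()` on the response node hands that encoded form back unchanged; jQuery documents `.html()` as not available on XML documents, so this looks fragile if `data` is parsed XML. Writing the values as text removes that dependency: `$("#spanSearchterm").text($(data).find("searchterm").text());` and `$("#spanSearchamount").text($(data).find("nrofresults").text());`. The same two lines in search_ajax_small.tpl (`#spanSearchtermSmall`, `#spanSearchamountSmall`) need the same change. The `$.post` callback starts before and continues past the hunk, so how `data` is typed and how the `item` nodes are written into the result list is not visible here and should be checked for the same pattern.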

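--- a/module_search/templates/default/tpl/module_search/search_ajax_small.tpl
+++ b/module_search/templates/default/tpl/module_search/search_ajax_small.tpl
@@ -39,8 +39,8 @@
 $.post(post_target, post_data, function(data, textStatus) {
 
 
-$("#spanSearchtermSmall").html($(data).find("searchterm").text());
-$("#spanSearchamountSmall").html($(data).find("nrofresults").text());
+$("#spanSearchtermSmall").html($(data).find("searchterm").html());
+$("#spanSearchamountSmall").html($(data).find("nrofresults").html());
 
 $('#searchResultSmall').html($("#resultSetHeaderSmall").html());
 $('#searchResultSmall').append($("<ul></ul>"));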
