Skip to content
Permalink
Browse files Browse the repository at this point in the history
BUG / SECURITY: module_search | portal-js -> fixed a possible xss inj…
…ection, the search param is now included htmlencoded an no longer as plaintext
  • Loading branch information
sidler committed Jun 8, 2014
1 parent fe6825b commit 4a07f94
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
Expand Up @@ -36,8 +36,8 @@
$.post(post_target, post_data, function(data, textStatus) {
$('#searchResult').html("<ul></ul>");
$("#spanSearchterm").html($(data).find("searchterm").text());
$("#spanSearchamount").html($(data).find("nrofresults").text());
$("#spanSearchterm").html($(data).find("searchterm").html());
$("#spanSearchamount").html($(data).find("nrofresults").html());
$('#resultSetHeader').css("display", "block");
$(data).find("item").each(function() {
Expand Down
Expand Up @@ -39,8 +39,8 @@
$.post(post_target, post_data, function(data, textStatus) {
$("#spanSearchtermSmall").html($(data).find("searchterm").text());
$("#spanSearchamountSmall").html($(data).find("nrofresults").text());
$("#spanSearchtermSmall").html($(data).find("searchterm").html());
$("#spanSearchamountSmall").html($(data).find("nrofresults").html());
$('#searchResultSmall').html($("#resultSetHeaderSmall").html());
$('#searchResultSmall').append($("<ul></ul>"));
Expand Down

0 comments on commit 4a07f94

Please sign in to comment.