Fix XSS in result display

Fixes blazegraph#144.
lucaswerkmeister · Jul 16, 2019 · 881d055 · 881d055
1 parent 3127706
commit 881d055
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/bigdata-war-html/src/main/webapp/html/js/workbench.js b/bigdata-war-html/src/main/webapp/html/js/workbench.js
@@ -1628,9 +1628,12 @@ function showPage(n) {
                linkText = escapeHTML(text).replace(/\n/g, '<br>');
                if(binding.type == 'typed-literal') {
                   tdData = ' class="literal" data-datatype="' + binding.datatype + '"';
+                  text = linkText;
                } else {
                   if(binding.type == 'uri' || binding.type == 'sid') {
                      text = '<a href="' + buildExploreHash(text) + '">' + linkText + '</a>';
+                  } else {
+                     text = linkText;
                   }
                   tdData = ' class="' + binding.type + '"';
                   if(binding['xml:lang']) {
@@ -1693,7 +1696,7 @@ function exploreSubmit(e) {
 }
 
 function buildExploreHash(uri) {
-   return '#explore:' + NAMESPACE + ':' + uri;
+   return '#explore:' + NAMESPACE + ':' + encodeURIComponent(uri);
 }
 
 function loadURI(target) {