From 881d055fb5ebecf4c2679f7c3153d465ba2e20bd Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Fri, 29 Mar 2019 16:33:35 -0700
Subject: [PATCH] Fix XSS in result display Fixes #144.
---
 bigdata-war-html/src/main/webapp/html/js/workbench.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bigdata-war-html/src/main/webapp/html/js/workbench.js b/bigdata-war-html/src/main/webapp/html/js/workbench.js
index 993523e8c2..0ec7f0446b 100644
--- a/bigdata-war-html/src/main/webapp/html/js/workbench.js
+++ b/bigdata-war-html/src/main/webapp/html/js/workbench.js
@@ -1628,9 +1628,12 @@ function showPage(n) {
 linkText = escapeHTML(text).replace(/\n/g, '
');
 if(binding.type == 'typed-literal') {
 tdData = ' class="literal" data-datatype="' + binding.datatype + '"';
+ text = linkText;
 } else {
 if(binding.type == 'uri' || binding.type == 'sid') {
 text = '' + linkText + '';
+ } else {
+ text = linkText;
 }
 tdData = ' class="' + binding.type + '"';
 if(binding['xml:lang']) {
@@ -1693,7 +1696,7 @@ function exploreSubmit(e) {
 }
 function buildExploreHash(uri) {
- return '#explore:' + NAMESPACE + ':' + uri;
+ return '#explore:' + NAMESPACE + ':' + encodeURIComponent(uri);
 }
 function loadURI(target) {
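Review bot: `binding.datatype` is still concatenated raw into the `data-datatype="…"` attribute on the context line just above the new `text = linkText;`, and `binding.type` goes unescaped into `class="…"` a few lines below, so values that presumably come from the query result can still reach the markup outside the cell text this commit fixes. Consider `tdData = ' class="literal" data-datatype="' + escapeHTML(binding.datatype) + '"';`, provided escapeHTML also encodes double quotes; its definition is outside this hunk, so that needs confirming. The link branch appears on this page as `text = '' + linkText + '';` with its anchor markup lost in extraction, so the href construction could not be reviewed here. showPage starts and ends outside the hunk.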
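Review bot: The code that reads the `#explore:` hash back is not touched by this commit (the diffstat lists only 4 insertions and 1 deletion), so it should be confirmed that it applies `decodeURIComponent` exactly once to the URI part after `buildExploreHash` starts encoding it. If it does not, encoded URIs would be looked up literally; if it decodes unconditionally, older bookmarked hashes holding a raw `%` may be mis-decoded. `NAMESPACE` is still concatenated unencoded, which is safe only if namespace names can never contain `:` or markup characters, presumably enforced elsewhere. A short comment above the return, such as `// URI is percent-encoded so it cannot break out of the markup or hash it is embedded in; readers must decodeURIComponent it once`, would record why the encoding is there.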