fix xss in the search page
Thanks to Kamil Vavra for responsibly disclosing the vulnerability
according to Rust's Security Policy.
pietroalbini authored and ehuss committed Jan 4, 2021
1 parent 5de9b68 commit 32abeef
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/theme/searcher/searcher.js
@@ -145,6 +145,11 @@ window.search = window.search || {};
url.push("");
}

// encodeURIComponent escapes all chars that could allow an XSS except
// for '. Due to that we also manually replace ' with its url-encoded
// representation (%27).
var searchterms = encodeURIComponent(searchterms.join(" ")).replace(/\'/g, "%27");

return '<a href="' + path_to_root + url[0] + '?' + URL_MARK_PARAM + '=' + searchterms + '#' + url[1]
+ '" aria-details="teaser_' + teaser_count + '">' + result.doc.breadcrumbs + '</a>'
+ '<span class="teaser" id="teaser_' + teaser_count + '" aria-label="Search Result Teaser">'
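Review bot: the comment on the added lines overstates what encodeURIComponent does: besides `'` it also leaves `-_.!~*()` unencoded, so "all chars that could allow an XSS except for '" is not accurate. What actually closes the hole is that `"` and `<` are percent-encoded before the value is concatenated into the double-quoted `href` of an HTML string (`'<a href="' + path_to_root + url[0] + '?' + URL_MARK_PARAM + '=' + searchterms + ...`), so a search term can no longer terminate the attribute or open a tag; the extra `.replace(/\'/g, "%27")` is defense in depth for a single-quoted attribute context rather than something `'` could exploit in this line. Suggest rewording the comment to say that, e.g. `// encodeURIComponent escapes " and <, which an attribute breakout needs; also encode ' in case the value ever lands in a single-quoted context.` Two smaller points: `var searchterms = encodeURIComponent(searchterms.join(" "))` redeclares with `var` a `searchterms` that already exists in scope as an array (it is `.join`ed on the same line) and turns it into a string, which runs but reads as a shadowing redeclaration; a fresh name such as `encodedTerms` would be clearer. And `result.doc.breadcrumbs`, `url[0]` and `url[1]` are still interpolated into the markup unencoded, which is safe only on the assumption that they come from the generated search index and never from user input; that assumption deserves a comment next to this one.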