
xss on keywords

1 parent 28c79f4 commit 6bdb9f28c5ea10e8e4b406b06215a10560e54e35 @isaacs isaacs committed Sep 16, 2011
Showing with 10 additions and 14 deletions.
  1. +10 −14 www/attachments/site.js
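--- a/www/attachments/site.js
+++ b/www/attachments/site.js
@@ -183,6 +183,12 @@ app.index = function () {
 var tags = [];
 }
+ tags = tags.map(function (tag) {
+ return tag.split('&').join('&')
+ .split('"').join('"')
+ .split('<').join('&lt;')
+ .split('>').join('&gt;')
+ })
 currentTerms.forEach(function (t) {
 t = t.toLowerCase();
 if (doc._id.toLowerCase().indexOf(t.toLowerCase()) !== -1) doc.rank += 750;
@@ -247,11 +253,6 @@ app.index = function () {
 })
 })})
- // $('span.result-tags').each(function () {
- // var p = $(this).parent();
- // $(this).css({right: p.position().left+p.width(), top:p.position().top})
- // })
-
 lastSearchForPage = currentSearch;
 }
@@ -340,14 +341,6 @@ app.showPackage = function () {
 package.append('<div class="author">by: <a href="/#/_author/'+encodeURIComponent(doc.author.name)+'">'+doc.author.name+'</div>')
 }
- // if (doc['dist-tags'] && doc['dist-tags'].latest && (doc.versions[doc['dist-tags'].latest].keywords || doc.versions[doc['dist-tags'].latest].tags)) {
- // package.append(
- // '<div class="package-tags">tags: ' +
- // (doc.versions[doc['dist-tags'].latest].keywords || doc.versions[doc['dist-tags'].latest].tags).join(', ') +
- // '</div>'
- // )
- // }
-
 //
 // if (doc.maintainers && doc.maintainers.length > 0) {
@@ -694,7 +687,10 @@ app.browse = function () {
 if (this.params.view) routes[this.params.view]();
 }
 app.tags = function () {
- var tag = this.params.tag;
+ var tag = this.params.tag.split('&').join('&amp;')
+ .split('"').join('&quot;')
+ .split('<').join('&lt;')
+ .split('>').join('&gt;')
 clearContent();
 $('div#content')
 .append('<h2 style="text-align:center">tag: '+tag+'</h2>')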
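Review bot: In the `tags.map` hunk of `app.index` the first two replacements read, as rendered on this page, `.split('&').join('&')` and `.split('"').join('"')`, which change nothing, so only `<` and `>` are escaped there while `app.tags` maps the same characters to `&amp;` and `&quot;`; this may be an artifact of how the page was rendered, but if the file matches, a keyword containing `"` is still unescaped should the tag later be placed inside a double-quoted attribute (that rendering code is not visible in these hunks). The four-step chain is also written out twice and neither copy handles `'`, so I would move it into one helper used by both call sites, as sketched below. The context line in `app.showPackage` still concatenates `doc.author.name` into the markup unescaped (only the `href` copy goes through `encodeURIComponent`), and the same helper would cover it. `this.params.tag.split(...)` throws if the route carries no tag, which the helper's null check avoids, though whether the param can be missing is not visible here. All three functions start and end outside the hunks shown.

```javascript
// One escaper for text placed in HTML text nodes or quoted attributes.
function escapeHtml (s) {
  return (s == null ? '' : String(s))
    .split('&').join('&amp;')
    .split('"').join('&quot;')
    .split("'").join('&#39;')
    .split('<').join('&lt;')
    .split('>').join('&gt;')
}

// app.index, replacing the inline tags.map callback
tags = tags.map(escapeHtml)

// app.tags
var tag = escapeHtml(this.params.tag)
// … unchanged: clearContent() and the h2 append …
```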
