Fixed: XSS vulnerability in the navbar search. (#2505)

Fixes #2503
Scott 2018-02-12 05:20:55 +13:00 committed by Leonardo Galli
parent f4e2a510f2
commit 3ed0652feb
1 changed files with 3 additions and 1 deletions


@ -30,7 +30,9 @@ $.fn.bindSearch = function() {
},
templates : {
empty : function(input) {
return '<div class="tt-dataset-series"><span class="tt-suggestions" style="display: block;"><div class="tt-suggestion"><p style="white-space: normal;"><a class="no-movies-found" href="/addmovies/search/' + input.query + '">Search for "' + input.query + '"</a></p></div></span></div>';
var escapedQuery = _.escape(input.query);
return "<div class='tt-dataset-series'><span class='tt-suggestions' style='display: block;'><div class='tt-suggestion'><p style='white-space: normal;'><a class='no-movies-found' href='/addmovies/search/'" + escapedQuery + "'>Search for " + escapedQuery + "</a></p></div></span></div>";
},
},
source : substringMatcher()
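Review bot: The new `href` on the added return line is mis-quoted: `href='/addmovies/search/'" + escapedQuery + "'>` closes the attribute value right after `search/`, so the query lands outside the quotes and the link no longer carries it, and a query such as `x onmouseover=alert(1)//` is parsed by the HTML parser as a fresh attribute on the `<a>` — `_.escape` (presumably underscore/lodash, which escapes `& < > " '` but not `=`, spaces or parentheses) does not prevent that, so the attribute-injection variant of the XSS this commit fixes (#2503) is still reachable. The query also needs URL encoding in the path segment rather than HTML escaping; HTML-escaping is right only for the visible link text. Suggested line: `return "<div class='tt-dataset-series'><span class='tt-suggestions' style='display: block;'><div class='tt-suggestion'><p style='white-space: normal;'><a class='no-movies-found' href='/addmovies/search/" + encodeURIComponent(input.query) + "'>Search for " + escapedQuery + "</a></p></div></span></div>";`. Note the template is a string that the suggestion library is expected to insert as HTML (the original was exploitable for that reason), so every interpolated value must be escaped for the exact context it lands in; a short comment above the `var` line saying so would help the next editor. The enclosing `bindSearch` function starts and ends outside this hunk.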