anonfunc/JellyPy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix potential XSS in search

Browse Source
This commit is contained in:
JonnyWong16
2018-05-02 10:26:05 -07:00
parent a915d2333f
commit 4fb4410552
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
data/interfaces/default/search.html
View File

@@ -28,15 +28,17 @@
<%def name="javascriptIncludes()">
<script>
var query_string = "${query.replace('"','\\"').replace('/','\\/') | n}";
$('#search_button').removeClass('btn-inactive');
$('#query').val("${query.replace('"','\\"') | n}").css({ right: '0', width: '250px' }).addClass('active');
$('#query').val(query_string).css({ right: '0', width: '250px' }).addClass('active');
$.ajax({
url: 'get_search_results_children',
type: "GET",
type: "POST",
async: true,
data: {
query: "${query.replace('"','\\"') | n}",
query: query_string,
limit: 30
},
complete: function (xhr, status) {

2
data/interfaces/default/update_metadata.html
View File

@@ -188,7 +188,7 @@ DOCUMENTATION :: END
},
complete: function (xhr, status) {
$('#search-results-list').html(xhr.responseText);
$('#update_query_title').html(query_string)
$('#update_query_title').text(query_string)
}
});
}