Fixed missing escaping of HTML in search highlighting

squidfunk 2021-07-28 21:57:09 +02:00
parent fc9cfaa263
commit 6744eb6070
6 changed files with 5 additions and 94 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -196,7 +196,7 @@
"base": base_url, "base": base_url,
"features": features, "features": features,
"translations": {}, "translations": {},
"search": "assets/javascripts/workers/search.53c85856.min.js" | url, "search": "assets/javascripts/workers/search.709b4209.min.js" | url,
"version": config.extra.version or None "version": config.extra.version or None
} -%} } -%}
{%- set translations = app.translations -%} {%- set translations = app.translations -%}
@ -223,7 +223,7 @@
</script> </script>
{% endblock %} {% endblock %}
{% block scripts %} {% block scripts %}
<script src="{{ 'assets/javascripts/bundle.716f8af4.min.js' | url }}"></script> <script src="{{ 'assets/javascripts/bundle.2b46852b.min.js' | url }}"></script>
{% for path in config["extra_javascript"] %} {% for path in config["extra_javascript"] %}
<script src="{{ path | url }}"></script> <script src="{{ path | url }}"></script>
{% endfor %} {% endfor %}


@ -20,6 +20,8 @@
* IN THE SOFTWARE. * IN THE SOFTWARE.
*/ */
import escapeHTML from "escape-html"
import { SearchIndexConfig } from "../_" import { SearchIndexConfig } from "../_"
/* ---------------------------------------------------------------------------- /* ----------------------------------------------------------------------------
@ -77,7 +79,7 @@ export function setupSearchHighlighter(
})`, "img") })`, "img")
/* Highlight string value */ /* Highlight string value */
return value => value return value => escapeHTML(value)
.replace(match, highlight) .replace(match, highlight)
.replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1") .replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1")
} }
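Review bot: In the returned closure of the last hunk, `escapeHTML(value)` now runs before `.replace(match, highlight)`, so the term regex is applied to entity-encoded text rather than to the raw value. Only the tail of the `match` construction is visible here, but query terms containing `<`, `>`, `&` or quotes will presumably no longer be highlighted, and values that already carry entities would be double-encoded. A regression test with a constructed value such as `a <b> & "c"` would pin both the escaping and the highlighting. The order itself looks right and is what makes the output safe, since the `<mark>` tags have to be added after escaping if the result is rendered as HTML, so the comment should say so, e.g. `/* Escape value first, then highlight – result is rendered as HTML */`. The body of setupSearchHighlighter starts outside the hunk, so what `highlight` emits and whether other callers already pass escaped input cannot be confirmed from here.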