Fixed invalid escaping of HTML in search results

2024-06-14 11:52:32 +03:00 · 2021-08-24 18:33:42 +02:00 · 2021-08-24 18:33:42 +02:00 · 829820a239
commit 829820a239
parent 702de82585
8 changed files with 13 additions and 99 deletions
--- a/material/assets/javascripts/bundle.56838a2c.min.js
+++ b/material/assets/javascripts/bundle.56838a2c.min.js
--- a/material/assets/javascripts/bundle.56838a2c.min.js.map
+++ b/material/assets/javascripts/bundle.56838a2c.min.js.map
--- a/material/assets/javascripts/workers/search.709b4209.min.js
+++ b/material/assets/javascripts/workers/search.709b4209.min.js
--- a/material/assets/javascripts/workers/search.709b4209.min.js.map
+++ b/material/assets/javascripts/workers/search.709b4209.min.js.map
--- a/material/base.html
+++ b/material/base.html
@ -196,7 +196,7 @@
        "base": base_url,
        "features": features,
        "translations": {},
-        "search": "assets/javascripts/workers/search.709b4209.min.js" | url,
+        "search": "assets/javascripts/workers/search.409db549.min.js" | url,
        "version": config.extra.version or None
      } -%}
      {%- set translations = app.translations -%}
@ -223,7 +223,7 @@
      </script>
    {% endblock %}
    {% block scripts %}
-      <script src="{{ 'assets/javascripts/bundle.56838a2c.min.js' | url }}"></script>
+      <script src="{{ 'assets/javascripts/bundle.56a63758.min.js' | url }}"></script>
      {% for path in config["extra_javascript"] %}
        <script src="{{ path | url }}"></script>
      {% endfor %}
--- a/src/assets/javascripts/components/search/highlight/index.ts
+++ b/src/assets/javascripts/components/search/highlight/index.ts
@ -83,7 +83,7 @@ export function mountSearchHiglight(
      )
  ])
    .pipe(
-      map(([index, url]) => setupSearchHighlighter(index.config)(
+      map(([index, url]) => setupSearchHighlighter(index.config, true)(
        url.searchParams.get("h")!
      )),
      map(fn => {
--- a/src/assets/javascripts/integrations/search/_/index.ts
+++ b/src/assets/javascripts/integrations/search/_/index.ts
@ -167,7 +167,7 @@ export class Search {
    /* Set up document map and highlighter factory */
    this.documents = setupSearchDocumentMap(docs)
-    this.highlight = setupSearchHighlighter(config)
+    this.highlight = setupSearchHighlighter(config, false)
    /* Set separator for tokenizer */
    lunr.tokenizer.separator = new RegExp(config.separator)
--- a/src/assets/javascripts/integrations/search/highlighter/index.ts
+++ b/src/assets/javascripts/integrations/search/highlighter/index.ts
@ -54,11 +54,12 @@ export type SearchHighlightFactoryFn = (query: string) => SearchHighlightFn
 * Create a search highlighter
 *
 * @param config - Search index configuration
 * @param escape - Whether to escape HTML
 *
 * @returns Search highlight factory function
 */
 export function setupSearchHighlighter(
-  config: SearchIndexConfig
+  config: SearchIndexConfig, escape: boolean
 ): SearchHighlightFactoryFn {
  const separator = new RegExp(config.separator, "img")
  const highlight = (_: unknown, data: string, term: string) => {
@ -79,8 +80,12 @@ export function setupSearchHighlighter(
    })`, "img")
    /* Highlight string value */
-    return value => escapeHTML(value)
+    return value => (
-      .replace(match, highlight)
+      escape
-      .replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1")
+        ? escapeHTML(value)
        : value
      )
        .replace(match, highlight)
        .replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1")
  }
 }