Scrub search results from ES
This scrubs the HTML we display from ES to avoid script injection.
hotfix-virtualenv-no-downlaod
parent
4b4c98cc2b
commit
a5330cf751
|
@ -21,7 +21,8 @@
|
|||
"knockout": "~3.3.0",
|
||||
"jquery.payment": "~1.3.0",
|
||||
"jquery-migrate": "~1.2.1",
|
||||
"jquery-ui": "1.8.23"
|
||||
"jquery-ui": "1.8.23",
|
||||
"xss": "~0.3.1"
|
||||
},
|
||||
"resolutions": {
|
||||
"jquery": "2.0.3"
|
||||
|
|
|
@ -3,7 +3,9 @@
|
|||
"version": "0.0.1",
|
||||
"description": "Read the Docs build dependencies",
|
||||
"author": "Anthony Johnson <anthony@readthedocs.com>",
|
||||
"dependencies": {},
|
||||
"dependencies": {
|
||||
"cssfilter": "0.0.8"
|
||||
},
|
||||
"devDependencies": {
|
||||
"bower": "*",
|
||||
"bower-resolve": "^2.2.1",
|
||||
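Review bot: The sanitizer's pieces are now declared in two separate manifests with different pinning: `"xss": "~0.3.1"` in the first file section floats across patch releases, while `"cssfilter": "0.0.8"` here is pinned exactly. `cssfilter` is presumably added because `xss` requires it when the bundle is built, but nothing on the page ties the two versions together, so a later `xss` patch release could be bundled against a `cssfilter` it was not written for. Because JSON has no comment syntax, record the pairing in the commit message or build docs, or pin both exactly so they are upgraded together.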
|
|
|
@ -2,7 +2,8 @@
|
|||
* Sphinx search overrides
|
||||
*/
|
||||
|
||||
var rtddata = require('./rtd-data');
|
||||
var rtddata = require('./rtd-data'),
|
||||
xss = require('xss/lib/index');
|
||||
|
||||
|
||||
function init() {
|
||||
|
@ -62,7 +63,7 @@ function attach_elastic_search_query(data) {
|
|||
}
|
||||
if (highlight.content.length) {
|
||||
var content = $('<div class="context">')
|
||||
.html(highlight.content[0]);
|
||||
.html(xss(highlight.content[0]));
|
||||
content.find('em').addClass('highlighted');
|
||||
list_item.append(content);
|
||||
}
|
||||
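Review bot: `xss(highlight.content[0])` is called with the library's default whitelist, which permits far more markup than this snippet needs; the next line only relies on `<em>` surviving the filter. Passing an explicit whitelist, for example `.html(xss(highlight.content[0], {whiteList: {em: []}}))`, keeps the highlighting while dropping links, images and other tags that indexed page content could carry. Only `highlight.content[0]` is filtered in this hunk, and `attach_elastic_search_query` starts and ends outside it, so any other response fields it inserts as markup should be checked the same way. In the first hunk of this section, `require('xss/lib/index')` reaches into the package's internal layout; a one-line comment saying why the package entry point is not used would help whoever upgrades it next.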
|
|
File diff suppressed because one or more lines are too long