Revision 7678
Added by ben leinfelder almost 11 years ago
| index.jsp | ||
|---|---|---|
| 49 | 49 |
src="<%=STYLE_COMMON_URL%>/branding.js"></script> |
| 50 | 50 |
<script language="Javascript"> |
| 51 | 51 |
|
| 52 |
function encodeXML(theString) {
|
|
| 53 |
return theString.replace(/&/g, '&') |
|
| 54 |
.replace(/</g, '<') |
|
| 55 |
.replace(/>/g, '>') |
|
| 56 |
.replace(/"/g, '"'); |
|
| 57 |
} |
|
| 52 | 58 |
function trim(stringToTrim) {
|
| 53 | 59 |
return stringToTrim.replace(/^\s*/, '').replace(/\s*$/,''); |
| 54 | 60 |
} |
| ... | ... | |
| 57 | 63 |
var checkBox = document.getElementById("searchCheckBox");
|
| 58 | 64 |
var searchBox = document.getElementById("searchBox");
|
| 59 | 65 |
var searchString = trim(searchBox.value); |
| 60 |
|
|
| 66 |
searchString = encodeXML(searchString); |
|
| 67 |
|
|
| 61 | 68 |
if (searchString=="") {
|
| 62 | 69 |
searchString="%"; |
| 63 | 70 |
} |
Also available in: Unified diff
escape reserved XML characters when constructing a pathquery from user input (&). https://projects.ecoinformatics.org/ecoinfo/issues/3017