Revision 7678
Added by ben leinfelder over 11 years ago
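--- a/index.jsp
+++ b/index.jsp
@@ -44,13 +44,21 @@
 src="<%=STYLE_COMMON_URL%>/branding.js"></script>
 <script language="Javascript">
 
+function encodeXML(theString) {
+return theString.replace(/&/g, '&')
+.replace(/</g, '<')
+.replace(/>/g, '>')
+.replace(/"/g, '"');
+}
+
 function trim(stringToTrim) {
 return stringToTrim.replace(/^\s*/, '').replace(/\s*$/,'');
 }
 
 function checkSearch(submitFormObj) {
-var searchString = trim(submitFormObj.searchstring.value);
-var checkBox = document.getElementById("searchAll");
+var searchString = trim(submitFormObj.searchstring.value);
+searchString = encodeXML(searchString);
+var checkBox = document.getElementById("searchAll");
 
 if (searchString=="") {
 if (confirm("Show *all* data?")) {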
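Review bot: encodeXML runs only in the browser, inside checkSearch, so it keeps a normal form submission well-formed but is not a control the server can rely on; a request sent without this script reaches the pathquery handling unescaped, so that code (not visible here) still has to escape or validate the search string itself. The function also leaves the apostrophe unescaped, which matters if the value is ever placed inside a single-quoted attribute; consider adding `.replace(/'/g, '&apos;')`. As rendered on this page the four replacement strings equal the characters they match, presumably because the page decoded the entity references, so it is worth confirming the committed file really contains `&amp;`, `&lt;`, `&gt;` and `&quot;`. checkSearch's body continues past the end of the hunk.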
escape reserved XML characters when constructing a pathquery from user input (&). https://projects.ecoinformatics.org/ecoinfo/issues/3017