/lib/style/skins/parc/search.js - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 7678

Added by ben leinfelder almost 11 years ago

escape reserved XML characters when constructing a pathquery from user input (&). https://projects.ecoinformatics.org/ecoinfo/issues/3017

     function encodeXML(theString) {
     	return theString.replace(/&/g, '&amp;')
     		.replace(/</g, '&lt;')
     		.replace(/>/g, '&gt;')
     		.replace(/"/g, '&quot;');
+    }
     function trim(stringToTrim) {
         return stringToTrim.replace(/^\s*/, '').replace(/\s*$/,'');
+    }
     function checkSearch(submitFormObj) {
         var searchString = trim(submitFormObj.searchstring.value);
     	searchString = encodeXML(searchString);
         var checkBox = document.getElementById("searchAll");
         if (searchString=="") {

Also available in: Unified diff