
Revision 7678

escape reserved XML characters when constructing a pathquery from user input (&). https://projects.ecoinformatics.org/ecoinfo/issues/3017


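--- a/index.jsp
+++ b/index.jsp
@@ -44,13 +44,21 @@
           src="<%=STYLE_COMMON_URL%>/branding.js"></script>
   <script language="Javascript">
 
+		function encodeXML(theString) {
+			return theString.replace(/&/g, '&amp;')
+				.replace(/</g, '&lt;')
+				.replace(/>/g, '&gt;')
+				.replace(/"/g, '&quot;');
+		}
+		
         function trim(stringToTrim) {
                 return stringToTrim.replace(/^\s*/, '').replace(/\s*$/,'');
         }
 
         function checkSearch(submitFormObj) {
-                var searchString = trim(submitFormObj.searchstring.value);
-		var checkBox = document.getElementById("searchAll");
+        	var searchString = trim(submitFormObj.searchstring.value);
+    		searchString = encodeXML(searchString);
+			var checkBox = document.getElementById("searchAll");
 
                 if (searchString=="") {
                        if (confirm("Show *all* data?")) {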
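Review bot: The escaping added in `checkSearch` (`searchString = encodeXML(searchString);`) runs only in the browser, so a request that reaches the search endpoint without this script still carries raw `&`, `<`, `>` and `"` into the pathquery. The server-side code that builds the pathquery XML should apply the same escaping, with this call treated as a convenience rather than the control. `encodeXML` also leaves `'` unescaped, which matters if the value is ever placed in a single-quoted attribute; appending `.replace(/'/g, '&apos;')` to the chain would cover it. A comment above the function would help the next reader, for example `// Escapes XML-reserved characters for the pathquery; the server must still escape its input.` The body of `checkSearch` continues past the end of the hunk, so how `searchString` is used afterwards (and whether it can be encoded twice) is not visible here.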
