From d695c0e9c9d555ebce3adb86154926e2c615f699 Mon Sep 17 00:00:00 2001
From: Chris Hall
Date: Wed, 17 Oct 2012 14:32:19 +1300
Subject: [PATCH] bug 3652 fixing XSS vulnerabilities in opac-search

Signed-off-by: Mason James
---
 koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt | 2 +-
 koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
index 2d52b33768..418de13262 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tt
@@ -56,7 +56,7 @@ $(document).ready(function(){
 return false;
 });
 [% IF ( query_desc ) %]
- var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') %]";
+ var query_desc = "[% query_desc |replace("'", "\'") |replace('\n', '\\n') |replace('\r', '\\r') |html %]";
 q_array = query_desc.split(" ");
 // ensure that we don't have "" at the end of the array, which can
 // break the highlighter
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
index dbe78dd2f1..d372da37b6 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results.tt
@@ -198,7 +198,7 @@ $(document).ready(function(){
 [% END %] $("#holdDetails").hide();
-[% IF ( query_desc ) %][% IF ( OpacHighlightedWords ) %]var query_desc = "[% query_desc |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') %]";
+[% IF ( query_desc ) %][% IF ( OpacHighlightedWords ) %]var query_desc = "[% query_desc |replace("'", "\'") |replace('\n', '\\n') |replace('\r', '\\r') |html %]";
 q_array = query_desc.split(" ");
 // ensure that we don't have "" at the end of the array, which can
 // break the highlighter
--
2.39.5
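Review bot: `|html` is an HTML-body encoder, but on the `var query_desc = "..."` line in opac-results-grouped.tt the value lands inside a double-quoted JavaScript string literal, and the filter chain still leaves the backslash unescaped. Template Toolkit's `html` filter rewrites `<`, `>`, `&` and `"`, so the quote and closing-script-tag cases are covered, but a `\` in the search text is still interpreted by the JavaScript parser; a trailing one leaves the literal unterminated and stops the rest of the `$(document).ready` block from running. The identical line in opac-results.tt has the same gap. Encoding for the sink actually in use would be sturdier: either escape `\` ahead of the other `replace` filters, or emit the value into an HTML attribute, where `|html` is the correct encoder, and read it from script. The `$(document).ready` handler starts and ends outside the hunk.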
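Review bot: After this change `query_desc` in opac-results.tt holds entity-encoded text, and the next line passes it unchanged into `q_array = query_desc.split(" ")` for the highlighter. A search containing `&`, `<`, `>` or `"` will therefore reach the highlighter as `&amp;`, `&lt;`, `&gt;` or `&quot;`, which presumably no longer matches the result text as displayed; the grouped template is affected the same way. A comment above the assignment such as `// query_desc is HTML-entity-encoded by the |html filter; terms in q_array contain entities, not raw characters` would record that contract. A regression check with a query containing `&` would show whether highlighting still works for such terms.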