bjoernager/rust
bjoernager/rust
1
Fork 0
Code Activity

rustdoc: escape shown input to prevent injection

Browse source
This commit is contained in:
Adrien Tétar 2014-05-02 11:32:41 +02:00
parent 9f484e616e
commit 5f0a426f65
1 changed files with 6 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/librustdoc/html/static/main.js
View file

@ -386,12 +386,16 @@
}); });
} }
function escape(content) {
return $('<h1/>').text(content).html();
}
function showResults(results) { function showResults(results) {
var output, shown, query = getQuery(); var output, shown, query = getQuery();
currentResults = query.id; currentResults = query.id;
output = '<h1>Results for ' + query.query + output = '<h1>Results for ' + escape(query.query) +
(query.type ? ' (type: ' + query.type + ')' : '') + '</h1>'; (query.type ? ' (type: ' + escape(query.type) + ')' : '') + '</h1>';
output += '<table class="search-results">'; output += '<table class="search-results">';
if (results.length > 0) { if (results.length > 0) {
@ -650,4 +654,3 @@
window.initSearch = initSearch; window.initSearch = initSearch;
}()); }());