EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #07964
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
[EP-tech] search input html entities encoding
- To: "EPrints.org Technical List" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] search input html entities encoding
- From: Yuri <yurj@alfa.it>
- Date: Tue, 10 Sep 2019 16:31:58 +0200
Hi all! can someone point me to the code in Eprints which encode the html entities of a search input, when rendering them in the page title and in the page body? For example if I search (simple search for example) for "&blah>" I get a result page with: <title>Search results for &blah> - Eprints Site</title>and in the body: Search results for <span class="search_desc">&blah></span> I'm asking because I would to understand possible source of problems like XSS and so on.Thanks!
- Follow-Ups:
- [EP-tech] search input html entities encoding
- From: Yuri <yurj@alfa.it>
- [EP-tech] search input html entities encoding
- References:
- [EP-tech] search input html entities encoding
- From: Yuri <yurj@alfa.it>
- [EP-tech] search input html entities encoding
- Prev by Date: [EP-tech] Mendeley Web Import and Eprints
- Next by Date: Re: [EP-tech] search input html entities encoding
- Previous by thread: [EP-tech] EPrints/CRIS
- Next by thread: [EP-tech] DOI handling in orcid_support_advance
- Index(es):