EPrints Technical Mailing List Archive

Message: #07965

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] search input html entities encoding

Maybe I've found it is in XHTML.pm on sub page:

                elsif( $type eq "pin" ) <- title for example is a pin
                {
                        my( $pinid, $modifier ) = split /:/, $rest, 2;
                        if( defined $modifier && $modifier eq "textonly" )
                        {
                                my $text;
                                if( defined
$map->{"utf-8.".$pinid.".textonly"} )
                                {
                                        $text =
$map->{"utf-8.".$pinid.".textonly"};
                                }
                                elsif( defined $map->{$pinid} )
                                {
                                        # don't convert href's to
<http://...>'s
                                        $text = $self->to_text_dump(
$map->{$pinid},
                                                show_links => 0,
                                        );
                                }

                                if( defined $text )
                                {
                                        # escape any entities in the
text (<>&" etc.) <- here
                                        my $xml =
$repo->xml->create_text_node( $text );
                                        $bit = $repo->xml->to_string(
$xml );
                                        $repo->xml->dispose( $xml );
                                }

Il 10/09/19 16:31, Yuri via Eprints-tech ha scritto:

Hi all!

   can someone point me to the code in Eprints which encode the html
entities of a search input, when rendering them in the page title and in
the page body?

For example if I search (simple search for example) for "&blah>" I get a
result page with:

<title>Search results for &amp;blah&gt; - Eprints Site</title>and in the
body:
Search results for <span class="search_desc">&amp;blah&gt;</span> I'm asking because I would to understand possible source of problems like XSS and so on.Thanks!


*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=LJVYA21mucU1vLiDjbL16oJlHlhAL1cVnoB7qqt9iKk%3D&amp;reserved=0
*** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=vg9G0uB4qNPwv4MQFQJz2FX3snAZDSUhDxbVYLvN2tk%3D&amp;reserved=0
*** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=mx1imLEgnD%2BAZScw0es9ciobhgd6u1XnjsKaSLMJAto%3D&amp;reserved=0