EPrints Technical Mailing List Archive

Message: #07964



[EP-tech] search input html entities encoding


Hi all!

Can someone point me to the code in Eprints which encodes the HTML
entities of a search input when rendering them in the page title and in
the page body?

For example if I search (simple search for example) for "&blah>" I get a
result page with:

<title>Search results for &amp;blah&gt; - Eprints Site</title>

and in the body:

Search results for <span class="search_desc">&amp;blah&gt;</span>

I'm asking because I would like to understand possible sources of problems like XSS and so on.

Thanks!