[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EP-tech] search input html entities encoding
Maybe I've found it is in XHTML.pm on sub page:
??????????????? elsif( $type eq "pin" ) <- title for example is a pin
??????????????? {
??????????????????????? my( $pinid, $modifier ) = split /:/, $rest, 2;
??????????????????????? if( defined $modifier && $modifier eq "textonly" )
??????????????????????? {
??????????????????????????????? my $text;
??????????????????????????????? if( defined
$map->{"utf-8.".$pinid.".textonly"} )
??????????????????????????????? {
??????????????????????????????????????? $text =
$map->{"utf-8.".$pinid.".textonly"};
??????????????????????????????? }
??????????????????????????????? elsif( defined $map->{$pinid} )
??????????????????????????????? {
??????????????????????????????????????? # don't convert href's to
<http://...>'s
??????????????????????????????????????? $text = $self->to_text_dump(
$map->{$pinid},
??????????????????????????????????????????????? show_links => 0,
??????????????????????????????????????? );
??????????????????????????????? }
??????????????????????????????? if( defined $text )
??????????????????????????????? {
??????????????????????????????????????? # escape any entities in the
text (<>&" etc.) <- here
??????????????????????????????????????? my $xml =
$repo->xml->create_text_node( $text );
??????????????????????????????????????? $bit = $repo->xml->to_string(
$xml );
??????????????????????????????????????? $repo->xml->dispose( $xml );
??????????????????????????????? }
Il 10/09/19 16:31, Yuri via Eprints-tech ha scritto:
> Hi all!
>
> ?can someone point me to the code in Eprints which encode the html
> entities of a search input, when rendering them in the page title and in
> the page body?
>
> For example if I search (simple search for example) for "&blah>" I get a
> result page with:
>
> <title>Search results for &blah> - Eprints Site</title>and in the
> body:
> Search results for <span class="search_desc">&blah></span> I'm asking because I would to understand possible source of problems like XSS and so on.Thanks!
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=LJVYA21mucU1vLiDjbL16oJlHlhAL1cVnoB7qqt9iKk%3D&reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=vg9G0uB4qNPwv4MQFQJz2FX3snAZDSUhDxbVYLvN2tk%3D&reserved=0
> *** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C5ad74c05e2f342e503c308d737588f22%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=mx1imLEgnD%2BAZScw0es9ciobhgd6u1XnjsKaSLMJAto%3D&reserved=0