
[EP-tech] search input html entities encoding



Maybe I've found it: it is in XHTML.pm, in sub page:

    elsif( $type eq "pin" )    # <- title for example is a pin
    {
        my( $pinid, $modifier ) = split /:/, $rest, 2;
        if( defined $modifier && $modifier eq "textonly" )
        {
            my $text;
            if( defined $map->{"utf-8.".$pinid.".textonly"} )
            {
                $text = $map->{"utf-8.".$pinid.".textonly"};
            }
            elsif( defined $map->{$pinid} )
            {
                # don't convert href's to <http://...>'s
                $text = $self->to_text_dump(
                    $map->{$pinid},
                    show_links => 0,
                );
            }

            if( defined $text )
            {
                # escape any entities in the text (<>&" etc.)    <- here
                my $xml = $repo->xml->create_text_node( $text );
                $bit = $repo->xml->to_string( $xml );
                $repo->xml->dispose( $xml );
            }

On 10/09/19 16:31, Yuri via Eprints-tech wrote:
> Hi all!
>
> Can someone point me to the code in EPrints which encodes the HTML
> entities of a search input, when rendering them in the page title and in
> the page body?
>
> For example if I search (simple search for example) for "&blah>" I get a
> result page with:
>
> <title>Search results for &amp;blah&gt; - Eprints Site</title>
>
> and in the body:
>
> Search results for <span class="search_desc">&amp;blah&gt;</span>
>
> I'm asking because I would like to understand possible sources of problems
> like XSS and so on. Thanks!
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
> *** EPrints developers Forum: http://forum.eprints.org/
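
To make the effect of that create_text_node + to_string pattern concrete, here is an added example. It is not code from this thread and not EPrints' own code: it calls XML::LibXML directly, which as far as I know is the library behind $repo->xml in the LibXML backend (an assumption on my part). The sub names, the second sample input and the "unsafe" comparison are mine; the first input is the "&blah>" from the question.

```perl
#!/usr/bin/perl
# Added example, not part of the thread or of EPrints. Demonstrates why
# attaching user input as a DOM text node (or attribute) and serialising
# the node escapes it for both the page title and the body.
use strict;
use warnings;
use XML::LibXML;

# Constructed inputs: the one from the question, plus one carrying quotes
# and a closing tag so the attribute context is exercised too.
my @inputs = (
    q{&blah>},
    q{"><script>alert(1)</script>},
);

my $doc = XML::LibXML::Document->new( '1.0', 'utf-8' );

# Text context: the equivalent of $repo->xml->create_text_node + to_string.
# libxml2 escapes & < > when serialising text content; a double quote is
# legal in text content, so it is not rewritten there.
sub escape_as_text
{
    my( $s ) = @_;
    return $doc->createTextNode( $s )->toString;
}

# The body rendering from the question, built through the DOM: the element
# and its class are created by API calls, the user input is only ever a
# text node, and toString escapes it.
sub render_search_desc
{
    my( $s ) = @_;
    my $span = $doc->createElement( 'span' );
    $span->setAttribute( 'class', 'search_desc' );
    $span->appendChild( $doc->createTextNode( $s ) );
    return $span->toString;
}

# Attribute context: here a double quote does matter, and the serialiser
# escapes it as &quot; because the value was set via setAttribute.
sub render_as_attribute
{
    my( $s ) = @_;
    my $a = $doc->createElement( 'a' );
    $a->setAttribute( 'href', '#' );
    $a->setAttribute( 'title', $s );
    return $a->toString;
}

# The pattern to look for when auditing: the raw string pasted into markup.
# Shown only so the difference is visible; never do this with user input.
sub render_unsafe
{
    my( $s ) = @_;
    return qq{<span class="search_desc">$s</span>};
}

for my $q ( @inputs )
{
    print "input:      $q\n";
    print "text node:  ", escape_as_text( $q ), "\n";
    print "element:    ", render_search_desc( $q ), "\n";
    print "attribute:  ", render_as_attribute( $q ), "\n";
    print "unsafe:     ", render_unsafe( $q ), "\n\n";
}
```

For "&blah>" the text node serialises to "&amp;blah&gt;" and the span to <span class="search_desc">&amp;blah&gt;</span>, which is exactly what the question reports seeing. The point for an XSS review is that the escaping is a property of the serialiser, not of the string: as long as a search term only ever reaches the page as a text node or a setAttribute value, both contexts are covered; the places worth checking are any where a template or plugin interpolates the term into markup as a string instead.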