authorScott Main <smain@google.com>2009-10-29 19:56:02 -0700
committerAndroid Git Automerger <android-git-automerger@android.com>2009-10-29 19:56:02 -0700
commitfe48ca568007428d7dd21a1837115a5f9d470f8b (patch)
tree97fa5e412d18968499281d80a6bbe1749b8adddb /docs
parent874762f760270694be4fe5d65e6ed65bc79bb846 (diff)
parent56725939b117f7ee71e7fdaf1c8bf865d9e377ab (diff)
am 56725939: am 5eb80efb: am 3534dadd: docs: fix XSS vulnerability in search
Merge commit '56725939b117f7ee71e7fdaf1c8bf865d9e377ab' into eclair-mr2-plus-aosp * commit '56725939b117f7ee71e7fdaf1c8bf865d9e377ab': docs: fix XSS vulnerability in search
Diffstat (limited to 'docs')
-rw-r--r--docs/html/search.jd14
1 files changed, 11 insertions, 3 deletions
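diff --git a/docs/html/search.jd b/docs/html/search.jd
index 8032b22..d0e7478 100644
--- a/docs/html/search.jd
+++ b/docs/html/search.jd
@@ -70,8 +70,8 @@ page.title=Search Results
 searchControl.setSearchStartingCallback(this, function(control, searcher, query) {
 // save the tab index from the hash
 tabIndex = location.hash.split("&t=")[1];
-
- $("#searchTitle").html("search results for <em>" + query + "</em>");
+
+ $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");
 $.history.add('q=' + query + '&t=' + tabIndex);
 openTab();
 });
@@ -96,7 +96,8 @@ page.title=Search Results
 $(window).history(function(e, hash) {
 var query = decodeURI(getQuery(hash));
 searchControl.execute(query);
- $("#searchTitle").html("search results for <em>" + query + "</em>");
+
+ $("#searchTitle").html("search results for <em>" + escapeHTML(query) + "</em>");
 });
 // forcefully regain key-up event control (previously jacked by search api)
@@ -131,6 +132,13 @@ page.title=Search Results
 return queryParts[1];
 }
+ /* returns the given string with all HTML brackets converted to entities
+ TODO: move this to the site's JS library */
+ function escapeHTML(string) {
+ return string.replace(/</g,"&lt;")
+ .replace(/>/g,"&gt;");
+ }
+
 </script>
 <div id="mainBodyFixed" style="width:auto; margin:20px">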
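Review bot: The new escapeHTML at the end of the last hunk leaves `&` untouched, so a query such as `&lt;b&gt;` is decoded by the browser and shown as `<b>` instead of literally; the conventional form escapes the ampersand first: `return string.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;");`. The helper is only sufficient for a text-node context, which is what the two `.html("... <em>" + escapeHTML(query) + "</em>")` call sites in the earlier hunks use, and since the TODO plans to move it into the shared site library the header comment should state that limit, e.g. `/* escapes &, < and > so a string can be inserted as element text via .html(); not sufficient for attribute values or script contexts (quotes are left as-is) */`. It also assumes `string` is a string; both callers pass `query`, which looks like a string here, but a null or undefined argument would throw at `.replace`, so a `string = String(string == null ? "" : string);` guard would make the library version safer to reuse.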