IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 02:40:53 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: escape advanced search term

Browse Source
This commit is contained in:
Arpit Jalan 2016-12-08 14:54:36 +05:30
parent b4cafc5e78
commit 42b14b0d11
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/assets/javascripts/discourse/components/search-advanced-options.js.es6
View File

@ -1,4 +1,5 @@
import { observes } from 'ember-addons/ember-computed-decorators';
import { escapeExpression } from 'discourse/lib/utilities';
const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g;
@ -103,7 +104,7 @@ export default Em.Component.extend({
},
findSearchTerms() {
const searchTerm = this.get('searchTerm');
const searchTerm = escapeExpression(this.get('searchTerm'));
if (!searchTerm)
return [];