Closed Bug 754969 Opened 12 years ago Closed 12 years ago

Search-term highlighting contains html

Categories

(Pancake Graveyard :: Back-end, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: st3fan, Assigned: gbrander)


Searching for 'mostek' returns:

<span class="highlight">Mostek</span> was an integrated...

That html should not be escaped.
Assignee: sarentz → gbrander
Maybe the pancake-search app should not include the span? It is probably better if the FE does not accept any html at all?
I think this is a FE problem. We didn't see it previously, because the highlight flag was set to False. I'm going to turn off the highlighting until I can find a solution for the FE escaping.
Depends on: 751382
We probably want to move the transformation of those markers to the FE. Avoids a potential XSS vector.
Status: NEW → ASSIGNED
Status: ASSIGNED → NEW
Status: NEW → ASSIGNED
Closed by https://bitbucket.org/mozillapancake/pancake/changeset/d5692808d156.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
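The approach suggested in the comments, where the back end sends neutral markers and the front end turns them into highlight spans, can be sketched as follows. This is an added example, not code from the Pancake changeset; the marker code points and the function names are assumptions, and the sample snippets are constructed.

```javascript
// Hypothetical neutral markers the back end would emit instead of <span> tags.
// Private-use code points are assumed here so they cannot collide with page text.
const HL_OPEN = "\uE000";
const HL_CLOSE = "\uE001";

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that is significant in HTML text or attribute context.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Convert a marked snippet to HTML. All snippet text is escaped; the only tags
// in the output are the highlight spans emitted here, and they stay balanced
// even when markers arrive unpaired (e.g. a snippet truncated mid-highlight).
function renderHighlighted(snippet) {
  let html = "";
  let buf = "";
  let open = false;
  const flush = () => { html += escapeHtml(buf); buf = ""; };
  for (const ch of snippet) {
    if (ch === HL_OPEN) {
      flush();
      if (!open) { html += '<span class="highlight">'; open = true; }
    } else if (ch === HL_CLOSE) {
      flush();
      if (open) { html += "</span>"; open = false; }
    } else {
      buf += ch;
    }
  }
  flush();
  if (open) html += "</span>"; // close a highlight left open by truncation
  return html;
}

// Constructed sample snippets: a normal hit, and indexed text that itself contains markup.
const SAMPLE_HIT = HL_OPEN + "Mostek" + HL_CLOSE + " was an integrated...";
const SAMPLE_MARKUP = "<b>chips</b> & " + HL_OPEN + "Mostek" + HL_CLOSE;

console.log(renderHighlighted(SAMPLE_HIT));
console.log(renderHighlighted(SAMPLE_MARKUP));
```

Because the markers carry no markup of their own, the front end never has to decide which incoming tags to trust: text from indexed pages is always escaped, and the highlight span is the only HTML it produces.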