Search-term highlighting contains html

RESOLVED FIXED in M3

Status

Pancake
Back-end
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: st3fan, Assigned: gordonb)

Tracking

Details

(Reporter)

Description

6 years ago
Searching for 'mostek' returns:

<span class="highlight">Mostek</span> was an integrated...

That html should not be escaped.
(Reporter)

Updated

6 years ago
Assignee: sarentz → gbrander
(Reporter)

Comment 1

6 years ago
Maybe the pancake-search app should not include the span? It is probably better if the FE does not accept any html at all?
(Assignee)

Comment 2

6 years ago
I think this is a FE problem. We didn't see it previously, because the highlight flag was set to False. I'm going to turn off the highlighting until I can find a solution for the FE escaping.
(Assignee)

Comment 3

6 years ago
Turned off highlighting: https://bitbucket.org/mozillapancake/pancake/changeset/07594892f33c
(Assignee)

Updated

6 years ago
Depends on: 751382
(Assignee)

Comment 4

6 years ago
We probably want to move the transformation of those markers to the FE. Avoids a potential XSS vector.
(Assignee)

Updated

6 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

6 years ago
Status: ASSIGNED → NEW
(Assignee)

Updated

6 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 5

6 years ago
Track progress here: https://bitbucket.org/mozillapancake/pancake/changesets/tip/branch(%22transform-search-markers-on-front-end%22)
(Assignee)

Comment 6

6 years ago
Closed by https://bitbucket.org/mozillapancake/pancake/changeset/d5692808d156.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
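
The approach suggested in Comments 1 and 4, sketched as an added example that is not Pancake's own code: the back end returns plain text with highlight markers, and the front end escapes every segment and builds the `<span class="highlight">` itself. The marker characters and function names are assumptions, since the page does not show which markers Pancake used.

```javascript
// Hypothetical markers: the bug does not say what the back end emits.
// Control characters are used because they cannot collide with HTML syntax.
const HL_START = "\u0001";
const HL_END = "\u0002";

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text so it is safe in HTML element content and quoted attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Split a marked-up snippet into { text, highlight } segments.
// Markers only toggle state; they never reach the output.
function parseSegments(snippet) {
  const segments = [];
  let highlight = false;
  let buf = "";
  const flush = () => {
    if (buf) segments.push({ text: buf, highlight });
    buf = "";
  };
  for (const ch of snippet) {
    if (ch === HL_START) { flush(); highlight = true; }
    else if (ch === HL_END) { flush(); highlight = false; }
    else buf += ch;
  }
  flush(); // an unclosed marker still yields a complete segment
  return segments;
}

// Render segments to HTML. The span is the only markup produced, and it is
// written by the front end, so nothing from the search index is parsed as HTML.
// In a browser, the same segments can instead be appended as DOM nodes with
// document.createElement("span") and textContent.
function renderSnippet(snippet) {
  return parseSegments(snippet)
    .map((seg) => {
      const safe = escapeHtml(seg.text);
      return seg.highlight ? `<span class="highlight">${safe}</span>` : safe;
    })
    .join("");
}

// Constructed sample: a highlighted hit followed by text that contains markup.
const sample = `${HL_START}Mostek${HL_END} was an integrated <b>circuit</b> maker`;
console.log(renderSnippet(sample));
```

Because each segment is wrapped separately, unbalanced or repeated markers cannot produce an unclosed tag.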