Closed
Bug 754969
Opened 12 years ago
Closed 12 years ago
Search-term highlighting contains html
Categories
(Pancake Graveyard :: Back-end, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
M3
People
(Reporter: st3fan, Assigned: gbrander)
References
Details
Searching for 'mostek' returns: <span class="highlight">Mostek</span> was an integrated... That html should not be escaped.
Reporter | ||
Updated•12 years ago
|
Assignee: sarentz → gbrander
Reporter | ||
Comment 1•12 years ago
|
||
Maybe the pancake-search app should not include the span? It is probably better if the FE does not accept any html at all?
Assignee | ||
Comment 2•12 years ago
|
||
I think this is a FE problem. We didn't see it previously, because the highlight flag was set to False. I'm going to turn off the highlighting until I can find a solution for the FE escaping.
Assignee | ||
Comment 3•12 years ago
|
||
Turned off highlighting: https://bitbucket.org/mozillapancake/pancake/changeset/07594892f33c
Assignee | ||
Comment 4•12 years ago
|
||
We probably want to move the transformation of those markers to the FE. Avoids a potential XSS vector.
Assignee | ||
Updated•12 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Updated•12 years ago
|
Status: ASSIGNED → NEW
Assignee | ||
Updated•12 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 5•12 years ago
|
||
Track progress here: https://bitbucket.org/mozillapancake/pancake/changesets/tip/branch(%22transform-search-markers-on-front-end%22)
Assignee | ||
Comment 6•12 years ago
|
||
Closed by https://bitbucket.org/mozillapancake/pancake/changeset/d5692808d156.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•