Posted to commits@allura.apache.org by jo...@apache.org on 2013/04/25 00:30:59 UTC
[34/50] git commit: [#2835] ticket:308 Safer matches highlighting
[#2835] ticket:308 Safer matches highlighting
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/6c49711f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/6c49711f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/6c49711f
Branch: refs/heads/cj/5655
Commit: 6c49711f033fb1d94ba594f865ec5b3500941c0b
Parents: 27016ef
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 1 14:21:16 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 16:34:42 2013 +0000
----------------------------------------------------------------------
Allura/allura/lib/search.py | 22 +++++++++++----
.../allura/templates/widgets/search_results.html | 4 +-
2 files changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/6c49711f/Allura/allura/lib/search.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py
index 6c96d4a..97a67da 100644
--- a/Allura/allura/lib/search.py
+++ b/Allura/allura/lib/search.py
@@ -45,6 +45,8 @@ def solarize(obj):
text = doc['text']
text = g.markdown.convert(text)
doc['text'] = jinja2.Markup.escape(text).striptags()
+ # striptags decodes html entities, so we should escape them again
+ doc['text'] = jinja2.Markup.escape(doc['text'])
return doc
class SearchError(SolrError):
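Review bot: The added re-escape in `solarize` stores entity-escaped text in the index, and that text appears to get escaped a second time on the way out. `add_matches` (third hunk) runs `jinja2.escape` on the highlight snippet, and the template now autoescapes the `h.get_first(doc, 'text')` fallback, so content containing `<` or `&` would presumably render as a literal `&lt;` or `&amp;`. Since `striptags()` already yields plain text and escaping now happens at render time, consider dropping the added line and keeping `doc['text'] = jinja2.Markup.escape(text).striptags()`, with a comment that the indexed value is plain text and must be escaped on output. This assumes Solr hands the stored value back as an ordinary string; solarize's body starts outside the hunk.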
@@ -132,8 +134,8 @@ def search_app(q='', fq=None, app=True, **kw):
'pf': 'title^2 text',
'fq': fq,
'hl': 'true',
- 'hl.simple.pre': '<strong>',
- 'hl.simple.post': '</strong>',
+ 'hl.simple.pre': '#ALLURA-HIGHLIGHT-START#',
+ 'hl.simple.post': '#ALLURA-HIGHLIGHT-END#',
'sort': sort,
}
if not history:
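Review bot: The two highlight markers are ordinary text that indexed content can itself contain, so a ticket holding the literal `#ALLURA-HIGHLIGHT-START#` would be turned into a `<strong>` tag by `add_matches`, possibly unbalanced. The effect is limited to stray bold markup because everything else is escaped first, but it deserves a comment stating that `<strong>`/`</strong>` are the only tags the replacement may ever emit. The literals are also repeated four more times in the next hunk; defining them once at module level, e.g. `HIGHLIGHT_PRE = '#ALLURA-HIGHLIGHT-START#'` and `HIGHLIGHT_POST = '#ALLURA-HIGHLIGHT-END#'`, keeps the Solr parameters and the replacement in step. search_app's body starts and ends outside the hunk.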
@@ -158,10 +160,18 @@ def search_app(q='', fq=None, app=True, **kw):
return doc
def add_matches(doc):
m = matches.get(doc['id'], {})
- doc['title_match'] = h.get_first(m, 'title')
- doc['text_match'] = h.get_first(m, 'text')
- if not doc['text_match']:
- doc['text_match'] = h.get_first(doc, 'text')
+ title = h.get_first(m, 'title')
+ text = h.get_first(m, 'text')
+ if title:
+ title = (jinja2.escape(title)
+ .replace('#ALLURA-HIGHLIGHT-START#', jinja2.Markup('<strong>'))
+ .replace('#ALLURA-HIGHLIGHT-END#', jinja2.Markup('</strong>')))
+ if text:
+ text = (jinja2.escape(text)
+ .replace('#ALLURA-HIGHLIGHT-START#', jinja2.Markup('<strong>'))
+ .replace('#ALLURA-HIGHLIGHT-END#', jinja2.Markup('</strong>')))
+ doc['title_match'] = title
+ doc['text_match'] = text or h.get_first(doc, 'text')
return doc
results = imap(historize_urls, results)
results = imap(add_matches, results)
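Review bot: The escape-then-replace chain is written out twice in `add_matches`, once for `title` and once for `text`, so a later change to the markers or to the escaping order has to be made in both copies. Moving it into one small helper keeps the security-relevant ordering (escape first, then substitute the markers with `Markup`) in a single documented place. `add_matches` is nested inside `search_app`, whose body starts and ends outside the hunk.

```python
def _highlight(snippet):
    # Escape the Solr snippet first; the markers are then the only
    # source of markup in the result.
    return (jinja2.escape(snippet)
            .replace('#ALLURA-HIGHLIGHT-START#', jinja2.Markup('<strong>'))
            .replace('#ALLURA-HIGHLIGHT-END#', jinja2.Markup('</strong>')))

def add_matches(doc):
    m = matches.get(doc['id'], {})
    title = h.get_first(m, 'title')
    text = h.get_first(m, 'text')
    doc['title_match'] = _highlight(title) if title else title
    doc['text_match'] = _highlight(text) if text else h.get_first(doc, 'text')
    return doc
```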
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/6c49711f/Allura/allura/templates/widgets/search_results.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/search_results.html b/Allura/allura/templates/widgets/search_results.html
index 2eaaf61..464dab4 100644
--- a/Allura/allura/templates/widgets/search_results.html
+++ b/Allura/allura/templates/widgets/search_results.html
@@ -65,7 +65,7 @@
<p>
<a href="{{doc['url_paginated'] or doc['url_s']}}">
{% if doc.title_match %}
- {{ doc.title_match|safe }}
+ {{ doc.title_match }}
{% else %}
{{ h.get_first(doc, 'title') or h.get_first(doc, 'title_s') -}} {#- title_s is legacy -#}
{% endif %}
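Review bot: Nothing at `{{ doc.title_match }}` records why `|safe` must stay off, and the same holds for `{{ doc.text_match }}` in the next hunk. The output is only safe if autoescaping is enabled for this widget template (not visible in the diff) and if the values stay `Markup` built by `add_matches` in `allura/lib/search.py`. A template comment next to each expression would guard against the filter being re-added later, for example `{#- Markup built in search.add_matches; do not add |safe -#}`. It would also be worth confirming the autoescape setting for this template before relying on it.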
@@ -73,7 +73,7 @@
{% if doc['type_s'] %}<span class="gray"><sup>{{ '(%s)' % doc['type_s'] }}</sup></span>{% endif %}
<br>
{% if doc.text_match %}
- <span class="text-match">{{ doc.text_match|safe }}</span><br>
+ <span class="text-match">{{ doc.text_match }}</span><br>
{% endif %}
<span class="gray">Last updated: {{ h.ago_string(doc['mod_date_dt']) }}</span>
</p>