Posted to commits@lucene.apache.org by us...@apache.org on 2014/08/11 02:43:53 UTC

svn commit: r1617186 - /lucene/cms/trunk/templates/search.html

Author: uschindler
Date: Mon Aug 11 00:43:53 2014
New Revision: 1617186

URL: http://svn.apache.org/r1617186
Log:
Prevent XSS attacks by cleaning up search value before it is sent to external providers

Modified:
    lucene/cms/trunk/templates/search.html

Modified: lucene/cms/trunk/templates/search.html
URL: http://svn.apache.org/viewvc/lucene/cms/trunk/templates/search.html?rev=1617186&r1=1617185&r2=1617186&view=diff
==============================================================================
--- lucene/cms/trunk/templates/search.html (original)
+++ lucene/cms/trunk/templates/search.html Mon Aug 11 00:43:53 2014
@@ -7,7 +7,7 @@
       return true;
     }
 
-    function selectProvider(form) {
+    function submitForm(form) {
       provider = form.elements['searchProvider'].value;
       if (provider == "any") {
         if (Math.random() > 0.5) {
@@ -28,14 +28,17 @@
       date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
       expires = "; expires=" + date.toGMTString();
       document.cookie = "searchProvider=" + provider + expires + "; path=/";
+
+      // replace some chars to not trigger XSS in external provider:
+      form.elements['q'].value = form.elements['q'].value.toString().replace(/[&"<>]+/g, " ");
       return true;
     }
   </script>
-  <form id="quick-search" method="GET" onsubmit="return selectProvider(this)"
+  <form id="quick-search" method="GET" onsubmit="return submitForm(this)"
         action="http://search-lucene.com/lucene"
         name="searchform">
     <fieldset>
-      <input type="search" name="q" value="Search with Apache Solr..." class="class1 class2 hint" accesskey="q"
+      <input type="search" id="q" name="q" value="Search with Apache Solr..." class="class1 class2 hint" accesskey="q"
              onfocus="getBlank(this, 'Search with Apache Solr...')">
       <span style="color:white">@</span>
       <select name="searchProvider" id="searchProvider">
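Review bot: The added replace on the `form.elements['q']` line is a character denylist, and the one-line comment above it should state its limits: `&`, `"`, `<` and `>` are blanked, but `'` is not, so whether this is enough depends entirely on how the external provider renders the reflected query, which this template cannot control. It also runs only inside the onsubmit handler, so a crafted link that goes straight to the provider bypasses it, and legitimate phrase searches lose their double quotes. I would expand the comment to something like `// Defence in depth only: blank characters that could break out of HTML on the external provider's results page; the provider must still escape its own output, and this does not cover links that bypass this form.` The enclosing submitForm function begins outside this hunk.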