Merge pull request #539 from emresaglam/html-sanitize

html sanitize
2024-11-22 12:54:26 +01:00 · 2020-03-25 21:33:03 +01:00 · 2020-03-25 21:33:03 +01:00 · ba8a410d4c
commit ba8a410d4c
parent f589d07706 451061f4b8
1 changed files with 12 additions and 1 deletions
--- a/meilisearch-http/public/interface.html
+++ b/meilisearch-http/public/interface.html
@ -147,6 +147,16 @@
  </body>

  <script>
+    function sanitizeHTMLEntities(str) {
+        if (str && typeof str === 'string') {
+            str = str.replace(/</g,"&lt;");
+            str = str.replace(/>/g,"&gt;");
+            str = str.replace(/&lt;em&gt;/g,"<em>");
+            str = str.replace(/&lt;\/em&gt;/g,"<\/em>");
+        }
+        return str;
+    }
+
    function httpGet(theUrl) {
        var xmlHttp = new XMLHttpRequest();
        xmlHttp.open("GET", theUrl, false); // false for synchronous request
@ -169,7 +179,8 @@
        lastRequest.open("GET", theUrl, true);
        lastRequest.onload = function (e) {
            if (lastRequest.readyState === 4 && lastRequest.status === 200) {
-                let httpResults = JSON.parse(lastRequest.responseText);
+                let sanitizedResponseText = sanitizeHTMLEntities(lastRequest.responseText);
+                let httpResults = JSON.parse(sanitizedResponseText);
                results.innerHTML = '';

                let processingTimeMs = httpResults.processingTimeMs;