Skip to content

Commit

Permalink
SITES-24380 - Checkmarx Vulnerability - OOTB Search.js (#2847)
Browse files Browse the repository at this point in the history 
 * protecting href in search component search.js against XSS
  • Loading branch information
@LSantha
LSantha authored Sep 10, 2024
1 parent 099ecbd commit e7f0daa
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
8 changes: 7 additions & 1 deletion ...c/content/jcr_root/apps/core/wcm/components/search/v1/search/clientlibs/site/js/search.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,11 +281,17 @@
var el = document.createElement("span");
el.innerHTML = self._elements.itemTemplate.innerHTML;
el.querySelectorAll(selectors.item.title)[0].appendChild(document.createTextNode(item.title));
el.querySelectorAll(selectors.item.self)[0].setAttribute("href", item.url);
el.querySelectorAll(selectors.item.self)[0].setAttribute("href", self._safeHref(item.url));
results.innerHTML += el.innerHTML;
});
};

Search.prototype._safeHref = function(href) {
var a = document.createElement("a");
a.href = href;
return a.pathname;
};

Search.prototype._markResults = function() {
var nodeList = this._elements.results.querySelectorAll(selectors.item.self);
var escapedTerm = this._elements.input.value.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
Expand Down
8 changes: 7 additions & 1 deletion ...c/content/jcr_root/apps/core/wcm/components/search/v2/search/clientlibs/site/js/search.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,11 +293,17 @@
var el = document.createElement("span");
el.innerHTML = self._elements.itemTemplate.innerHTML;
el.querySelectorAll(selectors.item.title)[0].appendChild(document.createTextNode(item.title));
el.querySelectorAll(selectors.item.self)[0].setAttribute("href", item.url);
el.querySelectorAll(selectors.item.self)[0].setAttribute("href", self._safeHref(item.url));
results.innerHTML += el.innerHTML;
});
};

Search.prototype._safeHref = function(href) {
var a = document.createElement("a");
a.href = href;
return a.pathname;
};

Search.prototype._markResults = function() {
var nodeList = this._elements.results.querySelectorAll(selectors.item.self);
var escapedTerm = this._elements.input.value.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
Expand Down

0 comments on commit e7f0daa

Please sign in to comment.