
ruby-changes:73890

From: Nobuyoshi <ko1@a...>
Date: Fri, 7 Oct 2022 12:12:24 +0900 (JST)
Subject: [ruby-changes:73890] 39909d8c18 (master): [ruby/rdoc] Escape search results

https://git.ruby-lang.org/ruby.git/commit/?id=39909d8c18

From 39909d8c18ede7bb94bbcd0ad00d41b2f545528b Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@r...>
Date: Tue, 7 Sep 2021 23:52:13 +0900
Subject: [ruby/rdoc] Escape search results

https://hackerone.com/reports/1321358

https://github.com/ruby/rdoc/commit/2ebf8fd510
---
 lib/rdoc/generator/template/darkfish/_head.rhtml    | 20 ++++++++++----------
 lib/rdoc/generator/template/darkfish/js/darkfish.js |  2 +-
 lib/rdoc/generator/template/darkfish/js/search.js   |  2 +-
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/rdoc/generator/template/darkfish/_head.rhtml b/lib/rdoc/generator/template/darkfish/_head.rhtml
index 4f331245c3..d5aed3e9ef 100644
--- a/lib/rdoc/generator/template/darkfish/_head.rhtml
+++ b/lib/rdoc/generator/template/darkfish/_head.rhtml
@@ -3,18 +3,18 @@ https://github.com/ruby/ruby/blob/trunk/lib/rdoc/generator/template/darkfish/_head.rhtml#L3
 <title><%= h @title %></title>
 
 <script type="text/javascript">
-  var rdoc_rel_prefix = "<%= asset_rel_prefix %>/";
-  var index_rel_prefix = "<%= rel_prefix %>/";
+  var rdoc_rel_prefix = "<%= h asset_rel_prefix %>/";
+  var index_rel_prefix = "<%= h rel_prefix %>/";
 </script>
 
-<script src="<%= asset_rel_prefix %>/js/navigation.js" defer></script>
-<script src="<%= asset_rel_prefix %>/js/search.js" defer></script>
-<script src="<%= asset_rel_prefix %>/js/search_index.js" defer></script>
-<script src="<%= asset_rel_prefix %>/js/searcher.js" defer></script>
-<script src="<%= asset_rel_prefix %>/js/darkfish.js" defer></script>
+<script src="<%= h asset_rel_prefix %>/js/navigation.js" defer></script>
+<script src="<%= h asset_rel_prefix %>/js/search.js" defer></script>
+<script src="<%= h asset_rel_prefix %>/js/search_index.js" defer></script>
+<script src="<%= h asset_rel_prefix %>/js/searcher.js" defer></script>
+<script src="<%= h asset_rel_prefix %>/js/darkfish.js" defer></script>
 
-<link href="<%= asset_rel_prefix %>/css/fonts.css" rel="stylesheet">
-<link href="<%= asset_rel_prefix %>/css/rdoc.css" rel="stylesheet">
+<link href="<%= h asset_rel_prefix %>/css/fonts.css" rel="stylesheet">
+<link href="<%= h asset_rel_prefix %>/css/rdoc.css" rel="stylesheet">
 <%- @options.template_stylesheets.each do |stylesheet| -%>
-<link href="<%= asset_rel_prefix %>/<%= File.basename stylesheet %>" rel="stylesheet">
+<link href="<%= h asset_rel_prefix %>/<%= File.basename stylesheet %>" rel="stylesheet">
 <%- end -%>
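Review bot: `<%= File.basename stylesheet %>` on the rewritten `<link href>` line is still emitted without `h`, so that attribute is now escaped for its prefix but not for its second interpolation; the line should read `<link href="<%= h asset_rel_prefix %>/<%= h File.basename stylesheet %>" rel="stylesheet">`. Separately, the two assignments inside the `<script>` block now pass the prefixes through `h`, but browsers do not entity-decode script content, so a prefix containing `&`, `"` or `'` ends up as literal entity text in `rdoc_rel_prefix` and `index_rel_prefix`. Escaping `<` does close the `</script>` breakout, but the encoder that matches a JS string-literal context is JSON, e.g. `var rdoc_rel_prefix = <%= (asset_rel_prefix + "/").to_json %>;`, provided `to_json` is available in the template's scope.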
diff --git a/lib/rdoc/generator/template/darkfish/js/darkfish.js b/lib/rdoc/generator/template/darkfish/js/darkfish.js
index 111bbf8eb9..d0c9467751 100644
--- a/lib/rdoc/generator/template/darkfish/js/darkfish.js
+++ b/lib/rdoc/generator/template/darkfish/js/darkfish.js
@@ -54,7 +54,7 @@ function hookSearch() { https://github.com/ruby/ruby/blob/trunk/lib/rdoc/generator/template/darkfish/js/darkfish.js#L54
     var html = '';
 
     // TODO add relative path to <script> per-page
-    html += '<p class="search-match"><a href="' + index_rel_prefix + result.path + '">' + this.hlt(result.title);
+    html += '<p class="search-match"><a href="' + index_rel_prefix + this.escapeHTML(result.path) + '">' + this.hlt(result.title);
     if (result.params)
       html += '<span class="params">' + result.params + '</span>';
     html += '</a>';
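Review bot: `result.params` on the line after the changed one is still concatenated into the `<span class="params">` markup unescaped, while `result.path` now goes through `this.escapeHTML`; unless the params string is already escaped when the search index is generated (not visible here), it should be `html += '<span class="params">' + this.escapeHTML(result.params) + '</span>';`. Whether `this.hlt` escapes `result.title` before highlighting also cannot be confirmed from this hunk. hookSearch starts and ends outside the hunk.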
diff --git a/lib/rdoc/generator/template/darkfish/js/search.js b/lib/rdoc/generator/template/darkfish/js/search.js
index b558ca5b4f..58e52afecf 100644
--- a/lib/rdoc/generator/template/darkfish/js/search.js
+++ b/lib/rdoc/generator/template/darkfish/js/search.js
@@ -101,7 +101,7 @@ Search.prototype = Object.assign({}, Navigation, new function() { https://github.com/ruby/ruby/blob/trunk/lib/rdoc/generator/template/darkfish/js/search.js#L101
   }
 
   this.escapeHTML = function(html) {
-    return html.replace(/[&<>]/g, function(c) {
+    return html.replace(/[&<>"`']/g, function(c) {
       return '&#' + c.charCodeAt(0) + ';';
     });
   }
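Review bot: The widened `escapeHTML` carries no comment stating which contexts it covers; with `"`, `'` and `` ` `` added it is now suitable for HTML text and quoted attribute values, which is what the darkfish.js caller relies on, so a comment such as `// Escape for HTML text and quoted attribute contexts; numeric references avoid a named-entity table` above the function would record that contract. It still throws a TypeError on a non-string argument (`html.replace`), so callers must guard before passing optional fields like `result.params`. The enclosing `Search.prototype` assignment begins and ends outside the hunk.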


