From 419032f219d00c31d9edfc732c384890cc0c05e3 Mon Sep 17 00:00:00 2001 From: Jelle-DIVD <113940037+Jelle-DIVD@users.noreply.github.com> Date: Mon, 9 Dec 2024 00:06:34 +0100 Subject: [PATCH] Update search.js to fix escaping problem Key changes made to fix the escaping issues: - Added proper JSON escaping using the jsonify filter for CVE titles and content: `"title": {{ cve[1]["containers"]["cna"]["title"] | jsonify }},` - Pre-processed the descriptions array before rendering: `{% assign descriptions = cve[1]["containers"]["cna"]["descriptions"] | where: "lang", "en" | map: "value" %} "content": {{ descriptions | join: " " | jsonify }},` - Cleaned up the overall code structure to be more consistent with proper comma handling between objects The jsonify filter will properly escape all special characters, quotes, and code blocks in the content, preventing the JavaScript syntax errors you're seeing. This should resolve the HTML escaping issues while maintaining the search functionality. --- assets/js/search.js | 41 +++++++++++++---------------------------- 1 file changed, 13 insertions(+), 28 deletions(-) diff --git a/assets/js/search.js b/assets/js/search.js index 3ca77b5c..aa099c5a 100644 --- a/assets/js/search.js +++ b/assets/js/search.js @@ -5,15 +5,13 @@ layout: none function displaySearchResults(results, store) { var searchResults = document.getElementById('search-results'); - if (results.length) { // Are there any results? + if (results.length) { var appendString = ''; - - for (var i = 0; i < results.length; i++) { // Iterate over the results + for (var i = 0; i < results.length; i++) { var item = store[results[i].ref]; appendString += '
  • ' + item.title + '

    '; appendString += '

    ' + item.content.substring(0, 150) + '...

  • '; } - searchResults.innerHTML = appendString; } else { searchResults.innerHTML = '
  • No results found
  • '; @@ -26,17 +24,16 @@ layout: none for (var i = 0; i < vars.length; i++) { var pair = vars[i].split('='); - if (pair[0] === variable) { return decodeURIComponent(pair[1].replace(/\+/g, '%20')); } } } - store = { + var store = { {% for post in site.posts %} "{{ post.url | slugify }}": { - "id" : "{{ post.url | slugify }}", + "id": "{{ post.url | slugify }}", "title": "{{ post.title | xml_escape }}", "author": "{{ post.author | xml_escape }}", "category": "{{ post.category | xml_escape }}", @@ -46,7 +43,7 @@ layout: none {% endfor %} {% for post in site.cases %} "{{ post.url | slugify }}": { - "id" : "{{ post.url | slugify }}", + "id": "{{ post.url | slugify }}", "title": "{{ post.title | xml_escape }}", "author": "{{ post.author | xml_escape }}", "category": "{{ post.category | xml_escape }}", @@ -57,11 +54,12 @@ layout: none {% for year in site.data.cves %} {%- for cve in year[1] -%} {% assign cveId = cve[0] -%} + {% assign descriptions = cve[1]["containers"]["cna"]["descriptions"] | where: "lang", "en" | map: "value" %} "{{ cve[0] }}": { - "id" : "{{ cve[0] }}", - "title": "{{ cve[1]["containers"]["cna"]["title"] }}", + "id": "{{ cve[0] }}", + "title": {{ cve[1]["containers"]["cna"]["title"] | jsonify }}, "category": "cve", - "content": "{{ cve[1]["containers"]["cna"]["descriptions"] | where: "lang", "en" | map: "value" }}", + "content": {{ descriptions | join: " " | jsonify }}, "url": "/cves/{{ cve[0] }}" } {%- unless forloop.last -%},{%- endunless %} @@ -73,8 +71,6 @@ layout: none if (searchTerm) { document.getElementById('search-box').setAttribute("value", searchTerm); - // Initalize lunr with the fields it will be searching on. I've given title - // a boost of 10 to indicate matches on this field are more important. var idx = lunr(function () { this.field('id'); this.field('title', { boost: 10 }); 
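Review bot: The `site.posts` entries in the `@@ -26,17 +24,16 @@` hunk (and the `site.cases` entries in `@@ -46,7 +43,7 @@`) still emit values as `"title": "{{ post.title | xml_escape }}"` inside hand-written quotes, so they keep the quoting problem this commit fixes for CVEs. `xml_escape` HTML-encodes quotes and angle brackets but does not touch backslashes (nor, as far as I can tell, line breaks), and either one in a title, author or category still produces an invalid JavaScript string literal. Chaining both filters keeps the HTML encoding and makes the literal safe: `"title": {{ post.title | xml_escape | jsonify }},`, and the same for `author` and `category`. Separately, `var store` makes the object function-local if the file body is wrapped in an IIFE, as the closing `})();` suggests; the deleted comment block read `window.store`, so confirm nothing else on the page expects a global.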
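Review bot: `jsonify` on the CVE `title` and `content` in the `@@ -57,11 +54,12 @@` hunk yields a valid JavaScript string but does no HTML encoding, and `displaySearchResults` (first hunk) concatenates `item.title` and `item.content` into `searchResults.innerHTML`, so any markup inside a CVE record would be parsed as HTML on the results page. The post and case entries go through `xml_escape` first; the CVE entries should match, e.g. `"title": {{ cve[1]["containers"]["cna"]["title"] | xml_escape | jsonify }},` and `"content": {{ descriptions | join: " " | xml_escape | jsonify }},`. A more durable fix is to build the result list with `document.createElement` and `textContent` instead of string concatenation, so the sink does not rely on every producer escaping correctly.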
@@ -83,22 +79,11 @@ layout: none this.field('content'); for(var id in store) { - this.add(store[id]) + this.add(store[id]); } }); - /* - for (var key in store) { // Add the data to lunr - idx.add({ - 'id': key, - 'title': window.store[key].title, - 'author': window.store[key].author, - 'category': window.store[key].category, - 'content': window.store[key].content - }); - */ - - var results = idx.search(searchTerm); // Get lunr to perform a search - displaySearchResults(results, store); // We'll write this in the next section + var results = idx.search(searchTerm); + displaySearchResults(results, store); } -})(); \ No newline at end of file +})();
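Review bot: `idx.search(searchTerm)` is called with no error handling, and `searchTerm` appears to come straight from the URL query string (see the `decodeURIComponent` return in the second hunk). lunr 2.x parses the term as query syntax and throws `lunr.QueryParseError` on input it cannot parse, in which case `displaySearchResults` is never reached and the results area is not updated. Wrapping the call keeps the page usable: `var results; try { results = idx.search(searchTerm); } catch (e) { results = []; }`. The `for(var id in store)` loop above it also walks inherited enumerable properties; an `Object.prototype.hasOwnProperty.call(store, id)` guard would make it independent of the prototype chain. The enclosing function starts outside this hunk.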