Fixed invalid escaping of HTML in search results

squidfunk · Aug 24, 2021 · 829820a · 829820a
1 parent 702de82
commit 829820a
Show file tree

Hide file tree

Showing 8 changed files with 13 additions and 99 deletions.
diff --git a/material/assets/javascripts/bundle.56838a2c.min.js b/material/assets/javascripts/bundle.56838a2c.min.js
diff --git a/material/assets/javascripts/bundle.56838a2c.min.js.map b/material/assets/javascripts/bundle.56838a2c.min.js.map
diff --git a/material/assets/javascripts/workers/search.709b4209.min.js b/material/assets/javascripts/workers/search.709b4209.min.js
diff --git a/material/assets/javascripts/workers/search.709b4209.min.js.map b/material/assets/javascripts/workers/search.709b4209.min.js.map
diff --git a/material/base.html b/material/base.html
@@ -196,7 +196,7 @@ <h1>{{ page.title | d(config.site_name, true)}}</h1>
         "base": base_url,
         "features": features,
         "translations": {},
-        "search": "assets/javascripts/workers/search.709b4209.min.js" | url,
+        "search": "assets/javascripts/workers/search.409db549.min.js" | url,
         "version": config.extra.version or None
       } -%}
       {%- set translations = app.translations -%}
@@ -223,7 +223,7 @@ <h1>{{ page.title | d(config.site_name, true)}}</h1>
       </script>
     {% endblock %}
     {% block scripts %}
-      <script src="{{ 'assets/javascripts/bundle.56838a2c.min.js' | url }}"></script>
+      <script src="{{ 'assets/javascripts/bundle.56a63758.min.js' | url }}"></script>
       {% for path in config["extra_javascript"] %}
         <script src="{{ path | url }}"></script>
       {% endfor %}

diff --git a/src/assets/javascripts/components/search/highlight/index.ts b/src/assets/javascripts/components/search/highlight/index.ts
@@ -83,7 +83,7 @@ export function mountSearchHiglight(
       )
   ])
     .pipe(
-      map(([index, url]) => setupSearchHighlighter(index.config)(
+      map(([index, url]) => setupSearchHighlighter(index.config, true)(
         url.searchParams.get("h")!
       )),
       map(fn => {

diff --git a/src/assets/javascripts/integrations/search/_/index.ts b/src/assets/javascripts/integrations/search/_/index.ts
@@ -167,7 +167,7 @@ export class Search {
 
     /* Set up document map and highlighter factory */
     this.documents = setupSearchDocumentMap(docs)
-    this.highlight = setupSearchHighlighter(config)
+    this.highlight = setupSearchHighlighter(config, false)
 
     /* Set separator for tokenizer */
     lunr.tokenizer.separator = new RegExp(config.separator)

diff --git a/src/assets/javascripts/integrations/search/highlighter/index.ts b/src/assets/javascripts/integrations/search/highlighter/index.ts
@@ -54,11 +54,12 @@ export type SearchHighlightFactoryFn = (query: string) => SearchHighlightFn
  * Create a search highlighter
  *
  * @param config - Search index configuration
+ * @param escape - Whether to escape HTML
  *
  * @returns Search highlight factory function
  */
 export function setupSearchHighlighter(
-  config: SearchIndexConfig
+  config: SearchIndexConfig, escape: boolean
 ): SearchHighlightFactoryFn {
   const separator = new RegExp(config.separator, "img")
   const highlight = (_: unknown, data: string, term: string) => {
@@ -79,8 +80,12 @@ export function setupSearchHighlighter(
     })`, "img")
 
     /* Highlight string value */
-    return value => escapeHTML(value)
-      .replace(match, highlight)
-      .replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1")
+    return value => (
+      escape
+        ? escapeHTML(value)
+        : value
+      )
+        .replace(match, highlight)
+        .replace(/<\/mark>(\s+)<mark[^>]*>/img, "$1")
   }
 }