Documentation Source Text

Check-in [90f86ae4c5]
Overview
Comment: Fix an XSS problem in the search function on the website.
SHA3-256: 90f86ae4c5e9a31b7af67ce957bfbb7a12c81ab18570389f59b16da3529e04fa
User & Date: drh 2018-01-29 17:17:30
Context
2018-01-29
18:38
Add documentation for the zipfile() aggregate function. check-in: 1582bada14 user: dan tags: trunk
17:17
Fix an XSS problem in the search function on the website. check-in: 90f86ae4c5 user: drh tags: trunk
2018-01-27
20:56
Update zipfile documentation to include using the table-valued function to read an in-memory zip archive. check-in: 5b698017df user: dan tags: trunk
Changes

Changes to search/search.tcl.

460
461
462
463
464
465
466

467
468
469
470
471
472
473
  if {[info exists ::A(q)]} {
    set initsearch [attrize $::A(q)]
    append title " - [htmlize $::A(q)]"
  } else {
    set initsearch {}
  }
  set document [document_header $title $::PATH $initsearch]

  append document [subst {
    <script>
      window.addEventListener('load', function() {
        var w = document.getElementById("searchmenu");
        w.style.display = "block";

        document.getElementById("searchtype").value = "$::A(s)"







>







460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
  if {[info exists ::A(q)]} {
    set initsearch [attrize $::A(q)]
    append title " - [htmlize $::A(q)]"
  } else {
    set initsearch {}
  }
  set document [document_header $title $::PATH $initsearch]
  if {$::A(s)!="d" && $::A(s)!="c"} {set ::A(s) d}
  append document [subst {
    <script>
      window.addEventListener('load', function() {
        var w = document.getElementById("searchmenu");
        w.style.display = "block";

        document.getElementById("searchtype").value = "$::A(s)"
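
Review bot: The new allowlist check on line 466 reads $::A(s) without the [info exists] guard that the same block uses for ::A(q) a few lines earlier, so a request with no s parameter would raise a Tcl error here unless a default is assigned somewhere outside the visible lines. Suggest folding the existence test into the check and using the string-list operator, for example: if {![info exists ::A(s)] || $::A(s) ni {d c}} {set ::A(s) d}. It is also worth a one-line comment above the check saying that it is the only thing protecting the unescaped "$::A(s)" interpolation into the script string on line 473, so that a later edit adding a third search type extends the allowlist instead of removing it.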