| author | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-01-01 19:13:02 +0100 |
| commit | 9a55d9dc59c12e7f2453948b04d017de4e329fff (patch) | |
| tree | f8654db0c2f7816603bd6a1710804cbd233d755e /public/assets/js/lib/views/search/results.js | |
| parent | 7176250d674711c86e69984766b603e4e54dc201 (diff) | |
sanitizing correctly
Diffstat (limited to 'public/assets/js/lib/views/search/results.js')
| -rw-r--r-- | public/assets/js/lib/views/search/results.js | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/public/assets/js/lib/views/search/results.js b/public/assets/js/lib/views/search/results.js
index 0f34845..8c793f1 100644
--- a/public/assets/js/lib/views/search/results.js
+++ b/public/assets/js/lib/views/search/results.js
@@ -21,11 +21,11 @@ var SearchResults = View.extend({
 },
 populate: function(res){
- var query = sanitize(res.meta.query)
+ var query = sanitizeHTML(res.meta.query)
 var terms = res.meta.terms
 console.log(res)
- $("title").html('bucky search "' + sanitize(query) + '"')
- $("[name=query]").val(query)
+ $("title").html('bucky search "' + query + '"')
+ $("[name=query]").val(res.meta.query)
 this.$(".query").html(query)
 var total = parseInt(res.meta.total)
 this.$(".total").html(total + " result" + courtesy_s(total))
@@ -48,13 +48,13 @@ var SearchResults = View.extend({
 image = result.thread.flagged
 }
 var image_path = image ? '/data/' + result.thread.id + '/' + sanitize(image.filename) : ''
- var file_tag = result.file ? '<a href="' + make_link(result.file) + '">' + bold_terms(sanitize(result.file.filename), terms) + '</a>' : ''
+ var file_tag = result.file ? '<a href="' + make_link(result.file) + '">' + bold_terms(result.file.filename, terms) + '</a>' : ''
 var t = this.template
- .replace(/{{thread_id}}/g, sanitize("" + result.thread.id))
+ .replace(/{{thread_id}}/g, sanitizeHTML("" + result.thread.id))
 .replace(/{{meta}}/, metadata(result.thread))
 .replace(/{{image}}/, image_path)
- .replace(/{{title}}/, bold_terms(sanitize(result.thread.title), terms))
- .replace(/{{comment}}/, result.comment ? bold_terms(sanitize(result.comment.comment), terms) : '')
+ .replace(/{{title}}/, bold_terms(result.thread.title, terms))
+ .replace(/{{comment}}/, result.comment ? bold_terms(result.comment.comment, terms) : '')
 .replace(/{{file}}/, file_tag)
 .replace(/{{strength}}/, result.strength)
 this.$("#results").append(t)
|
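Review bot: In `populate`, the page title and `.query` are still written through `.html()`, so both sinks are only as safe as `sanitizeHTML`, whose definition is not part of this diff. Writing the raw value through text APIs removes that dependency: `document.title = 'bucky search "' + res.meta.query + '"'` and `this.$(".query").text(res.meta.query)`. The unescaped `.val(res.meta.query)` is correct, since `.val()` does not parse HTML. Separately, `console.log(res)` looks like leftover debugging, and `parseInt(res.meta.total)` should pass a radix, `parseInt(res.meta.total, 10)`. `populate` continues past the end of this hunk.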
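Review bot: `result.file.filename`, `result.thread.title` and `result.comment.comment` now reach `bold_terms` unescaped, and its output is spliced into the template and added with `this.$("#results").append(t)`, which parses it as HTML. That is only safe if `bold_terms` itself escapes the text before wrapping matches; its definition is not in this diff, so please confirm, and state the contract above the `file_tag` line, e.g. `// bold_terms() HTML-escapes its input; do not pass pre-escaped text`. The image path still calls `sanitize(image.filename)` while the rest of the hunk moved to `sanitizeHTML`, and `make_link(result.file)` and `result.strength` go into markup with no visible escaping, so those are worth checking too. Because the replacement arguments are strings, `$&`-style patterns in a title or comment are interpreted by `String.prototype.replace`; passing a function, `.replace(/{{title}}/, function(){ return title_html })`, avoids that. The enclosing loop body starts before this hunk.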
