...@@ -5,6 +5,7 @@ import fuzzaldrinPlus from 'fuzzaldrin-plus'; ...@@ -5,6 +5,7 @@ import fuzzaldrinPlus from 'fuzzaldrin-plus';
import axios from '~/lib/utils/axios_utils'; import axios from '~/lib/utils/axios_utils';
import flash from '~/flash'; import flash from '~/flash';
import { __ } from '~/locale'; import { __ } from '~/locale';
import sanitize from 'sanitize-html';
// highlight text(awefwbwgtc -> <b>a</b>wefw<b>b</b>wgt<b>c</b> ) // highlight text(awefwbwgtc -> <b>a</b>wefw<b>b</b>wgt<b>c</b> )
const highlighter = function(element, text, matches) { const highlighter = function(element, text, matches) {
...@@ -75,7 +76,7 @@ export default class ProjectFindFile { ...@@ -75,7 +76,7 @@ export default class ProjectFindFile {
findFile() { findFile() {
var result, searchText; var result, searchText;
searchText = this.inputElement.val(); searchText = sanitize(this.inputElement.val());
result = result =
searchText.length > 0 ? fuzzaldrinPlus.filter(this.filePaths, searchText) : this.filePaths; searchText.length > 0 ? fuzzaldrinPlus.filter(this.filePaths, searchText) : this.filePaths;
return this.renderList(result, searchText); return this.renderList(result, searchText);
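Review bot: Sanitizing the query at L11 (`searchText = sanitize(this.inputElement.val());`) treats input as the XSS boundary, but the sink is wherever `searchText`/`matches` are interpolated into the `<b>` markup by `highlighter` and `renderList`, whose bodies are outside this view; sanitize-html's default allowlist keeps inline tags such as `<b>` and `<a>`, so if that markup is written with `.html()`/`innerHTML` the change narrows the injection rather than closing it. It also silently rewrites the user's query (a search for `foo<bar` or `<b>` no longer matches the paths it literally names), which is a behaviour change the description does not mention. The more robust fix is to keep `searchText = this.inputElement.val();` unchanged and escape the text at the point it is interpolated into HTML (an HTML-escape helper, or building the highlighted fragment from text nodes), which leaves the fuzzy match operating on the raw query. The file-section header and the closing lines of `findFile` are not in this chunk, so the sink itself could not be checked here.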
---
title: Sanitize search text to prevent XSS
merge_request:
author:
type: security