composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°3835 Autocomplete security hardening

Browse Source
This commit is contained in:
Stephen Abello
2021-11-29 14:58:33 +01:00
parent fc2b00699e
commit 3df5febd3e
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
application/ui.extkeywidget.class.inc.php
View File

@@ -824,9 +824,9 @@ JS
$aJsonMap = array();
foreach ($aValues as $sKey => $aValue) {
$aElt = ['value' => $sKey, 'label' => utils::HtmlEntities($aValue['label']), 'obsolescence_flag' => $aValue['obsolescence_flag']];
$aElt = ['value' => $sKey, 'label' => utils::EscapeHtml($aValue['label']), 'obsolescence_flag' => $aValue['obsolescence_flag']];
if ($aValue['additional_field'] != '') {
$aElt['additional_field'] = utils::HtmlEntities($aValue['additional_field']);
$aElt['additional_field'] = utils::EscapeHtml($aValue['additional_field']);
}
if (array_key_exists('initials', $aValue)) {

2
js/extkeywidget.js
View File

@@ -269,7 +269,7 @@ function ExtKeyWidget(id, sTargetClass, sFilter, sTitle, bSelectMode, oWizHelper
if (item.obsolescence_flag == '1') {
val = val+' <span class="object-ref-icon text_decoration"><span class="fas fa-eye-slash object-obsolete fa-1x fa-fw"></span></span>';
}
let labelValue = $('<div/>').html(item.label).text().replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)("+term+")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
let labelValue = item.label.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)("+term+")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
val = val+labelValue;
if (item.additional_field != undefined) {
val = val+'<br><i>'+item.additional_field+'</i>';