From 47168a4336ed5d44bdfd3404de5451d1f49f19f7 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Thu, 12 Jan 2023 14:33:30 -0600
Subject: [PATCH] Issue 502: Angularjs $location.search is not safe to use when passing '#'. This addresses the problem by replacing the `#` (U+0023) character with `%23` for relevant situations (properties in the search). This needs to be tested for regressions, specifically checking for data in facets and filters that have the `#` (U+0023) character.
---
 src/main/webapp/app/model/discoveryContextModel.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/main/webapp/app/model/discoveryContextModel.js b/src/main/webapp/app/model/discoveryContextModel.js
index cd3ab5aa..e0d0f9a8 100644
--- a/src/main/webapp/app/model/discoveryContextModel.js
+++ b/src/main/webapp/app/model/discoveryContextModel.js
@@ -64,11 +64,12 @@ sage.model("DiscoveryContext", function ($q, $location, $routeParams, Field, Man
 discoveryContext.before(function () {
 var filters = [];
+ var pattern = /#/;
 angular.forEach($routeParams, function(value, key) {
 if (key.match(/^f\./i)) {
 var filter = {
- key: key.replace(/^f\./, ""),
+ key: key.replace(/^f\./, "").replace(pattern, "%23"),
 value: value
 };
 filters.push(filter);
@@ -76,8 +77,8 @@ sage.model("DiscoveryContext", function ($q, $location, $routeParams, Field, Man
 });
 discoveryContext.search = new Search({
- field: angular.isDefined($routeParams.field) ? $routeParams.field.replace(pattern, "%23") : "",
- value: angular.isDefined($routeParams.value) ? $routeParams.value.replace(pattern, "%23") : "",
+ field: angular.isDefined($routeParams.field) ? $routeParams.field.replace(pattern, "%23") : "",
+ value: angular.isDefined($routeParams.value) ? $routeParams.value.replace(pattern, "%23") : "",
 label: "",
 filters: filters,
 start: 0,
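Review bot: The new `var pattern = /#/;` has no `g` flag, so every `.replace(pattern, "%23")` rewrites only the first `#` and a second one still reaches `$location.search` unescaped. The same pattern is reused for `field` and `value` in the second hunk, so all three call sites are affected; `var pattern = /#/g;` covers them (a global regex is safe with `String.prototype.replace`, which resets `lastIndex`). In this hunk only the filter `key` is encoded while `value: value` is passed through unchanged, although a facet value seems a more likely place for `#` than a key. If the omission is deliberate, a short comment saying so would help. The `discoveryContext.before` callback continues past the end of the hunk.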
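Review bot: `$routeParams.field.replace(...)` and `$routeParams.value.replace(...)` assume the parameter is a string, but `angular.isDefined` only excludes `undefined`. AngularJS parses a valueless query key such as `?field` as `true` and a repeated key as an array, so such a URL would now throw a TypeError inside the `before` callback, where the old code passed the value through. Guarding on the type, e.g. `angular.isString($routeParams.field) ? $routeParams.field.replace(pattern, "%23") : ""`, avoids that; whether array values should instead be encoded element by element is a design choice this hunk does not settle. The `new Search({ ... })` literal is cut off at the end of the hunk.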