Merge pull request #503 from TAMULib/502-location_search_unsafe
Issue 502: Angularjs $location.search is not safe to use when passing '#'.
kaladay authored Jan 12, 2023
2 parents b9bca09 + 47168a4 commit cb1bd3f
Showing 1 changed file with 4 additions and 3 deletions.
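--- a/src/main/webapp/app/model/discoveryContextModel.js
+++ b/src/main/webapp/app/model/discoveryContextModel.js
@@ -64,20 +64,21 @@ sage.model("DiscoveryContext", function ($q, $location, $routeParams, Field, Man
 
 discoveryContext.before(function () {
 var filters = [];
+var pattern = /#/;
 
 angular.forEach($routeParams, function(value, key) {
 if (key.match(/^f\./i)) {
 var filter = {
-key: key.replace(/^f\./, ""),
+key: key.replace(/^f\./, "").replace(pattern, "%23"),
 value: value
 };
 filters.push(filter);
 }
 });
 
 discoveryContext.search = new Search({
-field: angular.isDefined($routeParams.field) ? $routeParams.field : "",
-value: angular.isDefined($routeParams.value) ? $routeParams.value : "",
+field: angular.isDefined($routeParams.field) ? $routeParams.field.replace(pattern, "%23") : "",
+value: angular.isDefined($routeParams.value) ? $routeParams.value.replace(pattern, "%23") : "",
 label: "",
 filters: filters,
 start: 0,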
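Review bot: `var pattern = /#/;` has no global flag, so each `.replace(pattern, "%23")` rewrites only the first `#`, and a field, value or filter key with a second one still reaches `Search` with a raw `#`; `var pattern = /#/g;` covers every occurrence. The filter's `value: value` is left unencoded while its key is encoded, which looks like an oversight given that the value is the part a user supplies most directly. AngularJS can return `true` (a key with no value) or an array (a repeated key) for a query parameter, and in that case `$routeParams.field.replace` throws inside `before()`; guarding with `angular.isString(v) ? v.replace(pattern, "%23") : v` keeps the previous pass-through behaviour for those inputs. Encoding one character by hand also leaves `%`, `&` and `+` as they are; whether `encodeURIComponent` is the better fit depends on how `Search` later builds the URL, which is not visible here because the `before` callback continues past the end of the hunk.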
