SECURITY: escape advanced search term

This commit is contained in:
Arpit Jalan 2016-12-08 14:54:36 +05:30
parent b4cafc5e78
commit 42b14b0d11
1 changed files with 2 additions and 1 deletions

View File

@ -1,4 +1,5 @@
import { observes } from 'ember-addons/ember-computed-decorators';
import { escapeExpression } from 'discourse/lib/utilities';
const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g;
@ -103,7 +104,7 @@ export default Em.Component.extend({
},
findSearchTerms() {
const searchTerm = this.get('searchTerm');
const searchTerm = escapeExpression(this.get('searchTerm'));
if (!searchTerm)
return [];