commit: 28f12ef5a0917b8cefddb4d5f74c9aaeb945355f
parent: 7986d4cf4192df645fc29fe6df12607bb6949bd9
Author: Adam Tauber <asciimoo@gmail.com>
Date:   Sun,  4 Dec 2016 23:07:46 +0100

[fix] proper escaping of the search query in templates

Diffstat:

searx/templates/courgette/results.html | 10+++++-----
searx/templates/legacy/results.html | 10+++++-----
searx/templates/oscar/results.html | 14+++++++-------
searx/templates/pix-art/results.html | 7+++----
4 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/searx/templates/courgette/results.html b/searx/templates/courgette/results.html
@@ -1,6 +1,6 @@
 {% extends "courgette/base.html" %}
-{% block title %}{{ q }} - {% endblock %}
-{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
+{% block title %}{{ q|e }} - {% endblock %}
+{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
 {% block content %}
 <div class="right"><a href="{{ url_for('preferences') }}" id="preferences"><span>{{ _('preferences') }}</span></a></div>
 <div class="small search center">
@@ -17,7 +17,7 @@
 {% for output_type in ('csv', 'json', 'rss') %}
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
 <div class="left">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="format" value="{{ output_type }}" />
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
@@ -62,7 +62,7 @@
 {% if pageno > 1 %}
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
 <div class="left">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
 {% endfor %}
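Review bot: The added `|e` covers `q`, but the other request-derived values rendered into the same attributes in this hunk and the following ones — `{{ category }}` and `{{ pageno }}` in the `<link>` href and hidden inputs, and `{{ time_range }}` in the oscar hunks — stay unfiltered, so the fix only holds if those are validated against an allowlist server-side, which this page does not show. `url_for('index')` suggests a Flask-rendered environment, which autoescapes `.html` templates by default and on which `|e` is a no-op for already-escaped values; that this commit was needed suggests either autoescaping is disabled or `q` reaches the template as pre-marked safe markup, and enabling autoescape at the environment level would cover the omissions more robustly than per-expression filters. The same observation applies to the legacy and oscar `@@ -1,6 +1,6 @@` hunks and to every hidden-input hunk in the three themes. A template comment next to the title block, `{# q is raw user input: |e in text/attribute context, |urlencode inside URLs #}`, would make the contract explicit for the next edit.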
@@ -76,7 +76,7 @@
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
 {% endfor %}
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
 <input type="submit" value="{{ _('next page') }} >>" />
 </div>
diff --git a/searx/templates/legacy/results.html b/searx/templates/legacy/results.html
@@ -1,6 +1,6 @@
 {% extends "legacy/base.html" %}
-{% block title %}{{ q }} - {% endblock %}
-{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
+{% block title %}{{ q|e }} - {% endblock %}
+{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
 {% block content %}
 <div class="preferences_container right"><a href="{{ url_for('preferences') }}" id="preferences"><span>preferences</span></a></div>
 <div class="small search center">
@@ -18,7 +18,7 @@
 {% for output_type in ('csv', 'json', 'rss') %}
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
 <div class="left">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="format" value="{{ output_type }}" />
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
@@ -73,7 +73,7 @@
 {% if pageno > 1 %}
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
 <div class="{% if rtl %}right{% else %}left{% endif %}">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
 {% endfor %}
@@ -87,7 +87,7 @@
 {% for category in selected_categories %}
 <input type="hidden" name="category_{{ category }}" value="1"/>
 {% endfor %}
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
 <input type="submit" value="{{ _('next page') }} >>" />
 </div>
diff --git a/searx/templates/oscar/results.html b/searx/templates/oscar/results.html
@@ -1,6 +1,6 @@
 {% extends "oscar/base.html" %}
-{% block title %}{{ q }} - {% endblock %}
-{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}&amp;time_range={{ time_range }}">{% endblock %}
+{% block title %}{{ q|e }} - {% endblock %}
+{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}&amp;time_range={{ time_range }}">{% endblock %}
 {% block content %}
 <div class="row">
 <div class="col-sm-8" id="main_results">
@@ -37,9 +37,9 @@
 <div id="pagination">
 <div class="pull-left">
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
 <input type="hidden" name="time_range" value="{{ time_range }}" />
 <button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-backward"></span> {{ _('next page') }}</button>
@@ -59,7 +59,7 @@
 <div id="pagination">
 <div class="pull-left">
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
 <input type="hidden" name="pageno" value="{{ pageno-1 }}" />
 <input type="hidden" name="time_range" value="{{ time_range }}" />
@@ -69,7 +69,7 @@
 <div class="pull-right">
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="pull-left">
 {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1"/>{% endfor %}
- <input type="hidden" name="q" value="{{ q }}" />
+ <input type="hidden" name="q" value="{{ q|e }}" />
 <input type="hidden" name="pageno" value="{{ pageno+1 }}" />
 <input type="hidden" name="time_range" value="{{ time_range }}" />
 <button type="submit" class="btn btn-default"><span class="glyphicon glyphicon-forward"></span> {{ _('next page') }}</button>
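Review bot: The form in the `@@ -37,9 +37,9 @@` hunk still submits `q` twice after the commit — the hidden input on the first line inside the `<form>` and the one after the category loop are the same control, both now escaped, so the request body carries a duplicate `q` field. Dropping the second `<input type="hidden" name="q" value="{{ q|e }}" />` leaves a single submission path and makes this form consistent with the `@@ -59` and `@@ -69` forms, which carry it once. The enclosing `<form>` and its surrounding `{% if %}` structure continue outside the hunk, so the rest of the form was not reviewed.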
@@ -130,7 +130,7 @@
 <div class="clearfix"></div>
 {% for output_type in ('csv', 'json', 'rss') %}
 <form method="{{ method or 'POST' }}" action="{{ url_for('index') }}" class="form-inline pull-{% if rtl %}right{% else %}left{% endif %} result_download">
- <input type="hidden" name="q" value="{{ q }}">
+ <input type="hidden" name="q" value="{{ q|e }}">
 <input type="hidden" name="format" value="{{ output_type }}">
 {% for category in selected_categories %}<input type="hidden" name="category_{{ category }}" value="1">{% endfor %}
 <input type="hidden" name="pageno" value="{{ pageno }}">
diff --git a/searx/templates/pix-art/results.html b/searx/templates/pix-art/results.html
@@ -5,7 +5,7 @@
 {% endfor %}
 {% else %}
 {% extends "pix-art/base.html" %}
-{% block title %}{{ q }} - {% endblock %}
+{% block title %}{{ q|e }} - {% endblock %}
 {% block meta %}{% endblock %}
 {% block content %}
 <div id="logo"><a href="./"><img src="{{ url_for('static', filename='img/searx-pixel-small.png') }}" alt="searx Logo"/></a></div>
@@ -25,8 +25,8 @@
 </span>
 <div id="pagination">
 <br />
- <input type="button" onclick="load_more('{{ q }}', {{ pageno+1 }})" id="load_more" value="{{ _('Load more...') }}" />
+ <input type="button" onclick="load_more('{{ q|e }}', {{ pageno+1 }})" id="load_more" value="{{ _('Load more...') }}" />
 </div>
 </div>
 {% endblock %}
-{% endif %}- \ No newline at end of file +{% endif %}
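Review bot: `|e` is the wrong escaping for the `onclick` context on the added line of the `@@ -25,8 +25,8 @@` hunk in pix-art: the HTML parser decodes entities in the attribute value before the JavaScript engine parses `load_more('…')`, so an entity-encoded quote in `q` reaches the script as a plain quote and can still terminate the string literal; HTML escaping protects the attribute boundary, not the JS string inside it. Keep the query out of inline script altogether: `<input type="button" id="load_more" data-query="{{ q|e }}" data-pageno="{{ pageno+1 }}" value="{{ _('Load more...') }}" />` and bind the click in the theme's JavaScript with `addEventListener`, reading `this.dataset.query` and `parseInt(this.dataset.pageno, 10)` there, which also removes an inline handler that a strict CSP would block. The `@@ -130,7` oscar hunk and the `@@ -5,7` pix-art hunk above only render `q` into a quoted attribute or text, where `|e` is the right filter.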