Fo0bar has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/125583

Change subject: Use FormatJson::encode() for escaping template JS
......................................................................

Use FormatJson::encode() for escaping template JS

htmlentities() is not appropriate for escaping the content passed to the
Google JS block.  Use FormatJson::encode() instead.

Change-Id: I91c1f13fdaf06fd24ce7afd5d2309388234d1f59
---
M GoogleSiteSearch.content.default.html
M GoogleSiteSearch.php
2 files changed, 6 insertions(+), 6 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/GoogleSiteSearch 
refs/changes/83/125583/1

diff --git a/GoogleSiteSearch.content.default.html 
b/GoogleSiteSearch.content.default.html
index b584bbc..ae82652 100644
--- a/GoogleSiteSearch.content.default.html
+++ b/GoogleSiteSearch.content.default.html
@@ -1,12 +1,12 @@
 <div id="cse" style="width: 100%;">_GSS_LOADING_</div>
 <script src="http://www.google.com/jsapi"; type="text/javascript"></script>
 <script type="text/javascript">
-  google.load('search', '1', {language : '_GSS_LANG_'});
+  google.load('search', '1', {language : _GSS_LANG_});
   google.setOnLoadCallback(function() {
-    var customSearchControl = new 
google.search.CustomSearchControl('_GSS_CSE_ID_');
+    var customSearchControl = new 
google.search.CustomSearchControl(_GSS_CSE_ID_);
     
customSearchControl.setResultSetSize(google.search.Search.FILTERED_CSE_RESULTSET);
     customSearchControl.draw('cse');
-    customSearchControl.execute('_GSS_TERM_ESCAPE_');
+    customSearchControl.execute(_GSS_TERM_ESCAPE_);
   }, true);
 </script>
 <link rel="stylesheet" href="http://www.google.com/cse/style/look/default.css"; 
type="text/css" />
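Review bot: the template now depends on every placeholder being replaced by a complete JSON literal (quotes included), so the substitution contract is worth a comment in this file: the `'_GSS_LANG_'`, `'_GSS_CSE_ID_'` and `'_GSS_TERM_ESCAPE_'` literals lose their surrounding quotes on lines 34, 39 and 44, which means a future editor who re-adds quotes will double-wrap the value, and a placeholder that is left unsubstituted is no longer a harmless string but a bare identifier such as `_GSS_LANG_` that throws a ReferenceError at load time. The name `_GSS_TERM_ESCAPE_` also no longer describes what is inserted (a JSON-encoded value, not an HTML-escaped one); either rename it alongside the PHP side or note the meaning in a comment next to `customSearchControl.execute(_GSS_TERM_ESCAPE_);`.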
diff --git a/GoogleSiteSearch.php b/GoogleSiteSearch.php
index 9def0c9..4cd5e99 100644
--- a/GoogleSiteSearch.php
+++ b/GoogleSiteSearch.php
@@ -87,9 +87,9 @@
        }
 
        # Replace variable data in the HTML
-       $outhtml = str_replace( '_GSS_CSE_ID_', htmlentities( 
$wgGoogleSiteSearchCSEID, ENT_QUOTES, $wgGoogleSiteSearchCharset ), $outhtml );
-       $outhtml = str_replace( '_GSS_TERM_ESCAPE_', htmlentities( $term, 
ENT_QUOTES, $wgGoogleSiteSearchCharset ), $outhtml );
-       $outhtml = str_replace( '_GSS_LANG_', htmlentities( $lang->getCode(), 
ENT_QUOTES, $wgGoogleSiteSearchCharset ), $outhtml );
+       $outhtml = str_replace( '_GSS_CSE_ID_', FormatJson::encode( 
$wgGoogleSiteSearchCSEID ), $outhtml );
+       $outhtml = str_replace( '_GSS_TERM_ESCAPE_', FormatJson::encode( $term 
), $outhtml );
+       $outhtml = str_replace( '_GSS_LANG_', FormatJson::encode( 
$lang->getCode() ), $outhtml );
        $outhtml = str_replace( '_GSS_LOADING_', htmlentities( wfMessage( 
'googlesitesearch-loading', $wgGoogleSiteSearchCharset ) ), $outhtml );
 
        # Add it!
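Review bot: the four `str_replace()` calls still run sequentially, so a value substituted early can be rewritten by a later pass; `$term` is the user-supplied value and is replaced before `_GSS_LANG_` and `_GSS_LOADING_`, so a search for the literal text `_GSS_LANG_` becomes `"_GSS_LANG_"` and is then rewritten to `""en""` (two adjacent JSON strings), breaking the script. Since JSON-encoding every value keeps this to a syntax error rather than an injection, the risk is low, but doing all substitutions in one pass with `strtr( $outhtml, array( '_GSS_CSE_ID_' => FormatJson::encode( $wgGoogleSiteSearchCSEID ), ... ) )`, or at least replacing `$term` last, removes the interaction. Two smaller points: `$wgGoogleSiteSearchCharset` is no longer used by the three JSON-encoded replacements, and the unchanged `_GSS_LOADING_` line passes `$wgGoogleSiteSearchCharset` to `wfMessage()` as a message parameter rather than to `htmlentities()`, and never calls `->text()` on the Message object; that is pre-existing, but since this change is about escaping the template it would be a good moment to fix it.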

-- 
To view, visit https://gerrit.wikimedia.org/r/125583
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I91c1f13fdaf06fd24ce7afd5d2309388234d1f59
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/GoogleSiteSearch
Gerrit-Branch: master
Gerrit-Owner: Fo0bar <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
