Comment #1 on issue 3274 by xss in autocomplete

A mistake. The term does not need to be escaped.

Index: reviewboard/htdocs/media/rb/js/ui.autocomplete.js
diff --git a/trunk/reviewboard/htdocs/media/rb/js/ui.autocomplete.js b/trunk/reviewboard/htdocs/media/rb/js/ui.autocomplete.js
--- a/trunk/reviewboard/htdocs/media/rb/js/ui.autocomplete.js (revision 2200)
+++ b/trunk/reviewboard/htdocs/media/rb/js/ui.autocomplete.js   (working copy)
@@ -424,7 +424,7 @@
                multiple: false,
                multipleSeparator: ", ",
                highlight: function(value, term) {
- return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term.replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi, "\\$1") + ")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
+ return $('<div>').text(value).html().replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term.replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi, "\\$1") + ")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
                scroll: true,
                scrollHeight: 180
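Review bot: The new `return` in `highlight` puts the HTML-escaping step and the highlight regex on one long line, with nothing recording that the return value is markup and that `value` must be escaped before the `<strong>` wrapping. That makes the escape easy to drop in a later refactor. I would split it, `var escaped = $('<div>').text(value).html();`, with a comment above such as `// value is untrusted: escape it first, the result is inserted as HTML`. Note also that `.text().html()` encodes `&`, `<` and `>` but not quote characters, so the result is safe only as element content and the comment should warn against reusing it inside an attribute. The options object that contains `highlight` starts and ends outside this hunk, so whether other formatting callbacks render the same value unescaped cannot be checked from here.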
