Fixed XSS vulnerability in findField list (#137)

openmrs · Mar 7, 2021 · 2042e09 · 2042e09
1 parent 76f63e9
commit 2042e09
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/omod/src/main/webapp/resources/scripts/dojo/src/widget/openmrs/OpenmrsSearch.js b/omod/src/main/webapp/resources/scripts/dojo/src/widget/openmrs/OpenmrsSearch.js
@@ -765,10 +765,11 @@ dojo.widget.defineWidget(
 			lastItemDisplayed = this.objectsFound.length;
 		}
 
-		this.infoBar.innerHTML = '';
-		if (this.lastPhraseSearched != null)
-			this.infoBar.innerHTML = ' &nbsp; ' + omsgs.resultsFor + ' "' + this.lastPhraseSearched + '". &nbsp;';
-
+		if (this.lastPhraseSearched != null) {
+			resultsText = omsgs.resultsFor + ' "' + this.lastPhraseSearched + '".';
+			this.infoBar.innerHTML = $j('<div/>').text(resultsText).html();
+		}
+
 		if (this.objectsFound.length > 0)
 			this.infoBar.innerHTML += omsgs.searchResultsViewing + " <b>" + this.firstItemDisplayed + "-" + lastItemDisplayed + "</b> " + omsgs.searchResultsOf + " <b>" + total + "</b> &nbsp; ";