From 61c47ba88085b8be2872ee968a30868d25d0f1ef Mon Sep 17 00:00:00 2001
From: Guillaume Gomez
Date: Thu, 20 May 2021 15:14:50 +0200
Subject: [PATCH] Generate DOM more securely
---
 src/librustdoc/html/static/search.js | 65 +++++++++++++++++++++-------
 1 file changed, 49 insertions(+), 16 deletions(-)
diff --git a/src/librustdoc/html/static/search.js b/src/librustdoc/html/static/search.js
index 26b14f675f6..b3242bf4df9 100644
--- a/src/librustdoc/html/static/search.js
+++ b/src/librustdoc/html/static/search.js
@@ -968,11 +968,11 @@ window.initSearch = function(rawSearchIndex) {
 extraClass = " active";
 }
- var output = "";
+ var output = document.createElement("div");
 var duplicates = {};
 var length = 0;
 if (array.length > 0) {
- output = "
"; + output.className = "search-results " + extraClass; array.forEach(function(item) { if (item.is_alias !== true) { @@ -994,19 +994,46 @@ window.initSearch = function(rawSearchIndex) { extra = " (keyword)"; } - output += "" + - "
" + - (item.is_alias === true ? - ("" + item.alias + "  - see ") : "") + - item.displayPath + "" + - name + extra + "
" + - "" + item.desc + - " 
"; + var link = document.createElement("a"); + link.className = "result-" + type; + link.href = item.href; + + var wrapper = document.createElement("div"); + var resultName = document.createElement("div"); + resultName.className = "result-name"; + + if (item.is_alias) { + var alias = document.createElement("span"); + alias.className = "alias"; + + var bold = document.createElement("b"); + bold.innerText = item.alias; + alias.appendChild(bold); + + alias.insertAdjacentHTML( + "beforeend", + " - see "); + + resultName.appendChild(alias); + } + resultName.insertAdjacentHTML( + "beforeend", + item.displayPath + "" + name + extra + ""); + wrapper.appendChild(resultName); + + var description = document.createElement("div"); + description.className = "desc"; + var spanDesc = document.createElement("span"); + spanDesc.innerText = item.desc + "\u00A0"; + + description.appendChild(spanDesc); + wrapper.appendChild(description); + link.appendChild(wrapper); + output.appendChild(link); }); - output += "
"; } else { - output = "
No results :(
" + + output.className = "search-failed" + extraClass; + output.innerHTML = "No results :(
" + "Try on DuckDuckGo?

" + @@ -1018,7 +1045,7 @@ window.initSearch = function(rawSearchIndex) { "href=\"https://doc.rust-lang.org/book/index.html\">Rust Book for " + "introductions to language features and the language itself.
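Review bot: The `resultName.insertAdjacentHTML("beforeend", …)` call still sends `item.displayPath`, `type`, `name` and `extra` through the HTML parser, so in this hunk only `item.alias` and `item.desc` actually leave string-built markup. If any of those values can carry search-index text verbatim, build the span with `createElement` and assign its text as is done for the alias; if they are markup produced by this file, say so above the call, e.g. `// displayPath/name/extra are HTML built by this script, not raw index text`. For the two text assignments `textContent` is the more usual sink than `innerText` (`bold.textContent = item.alias;`), since it does not depend on layout or styling. Rendering `item.desc` as plain text also means any inline markup or pre-escaped entities in descriptions would now be shown literally, which is worth confirming against the index format.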
  • Docs.rs for documentation of crates released on" + - " crates.io.
  • "; + " crates.io."; } return [output, length]; } @@ -1078,10 +1105,16 @@ window.initSearch = function(rawSearchIndex) { makeTabHeader(0, "In Names", ret_others[1]) + makeTabHeader(1, "In Parameters", ret_in_args[1]) + makeTabHeader(2, "In Return Types", ret_returned[1]) + - "
    " + - ret_others[0] + ret_in_args[0] + ret_returned[0] + "
    "; + ""; + + var resultsElem = document.createElement("div"); + resultsElem.id = "results"; + resultsElem.appendChild(ret_others[0]); + resultsElem.appendChild(ret_in_args[0]); + resultsElem.appendChild(ret_returned[0]); search.innerHTML = output; + search.appendChild(resultsElem); // Reset focused elements. searchState.focusedByTab = [null, null, null]; searchState.showResults(search);
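Review bot: `search.innerHTML = output;` is still a string-to-HTML assignment, and the part of `output` built above this hunk is not visible here, so the results header may remain a place where query-derived text reaches the parser. Confirm that everything concatenated into `output` before the `makeTabHeader(...)` calls is escaped, and record the split above the assignment, e.g. `// output holds only header markup; result rows are appended as DOM nodes below`. The enclosing function starts and ends outside the hunk.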