
Simple Search excerpt displays JS code fragment if encoded email address is in the field #4734

Open
nep opened this issue Mar 8, 2025 · 1 comment
Labels
Bug: Unconfirmed Bug report that is not yet confirmed and/or is not reproducible.

Comments


nep commented Mar 8, 2025

Description of the problem
The search excerpt variable is stripped of HTML before displaying, but this leaves JS code behind when there's an encoded email address in that field, either with {encode="[email protected]"} or if the field is set to auto-encode email addresses in that channel's settings.

How To Reproduce
Steps to reproduce the behavior:

Put an email address in a text field.
Make sure the field is searchable.
Make sure email addresses in that field are set to auto encode by going to that channel's settings: "Render URLs and Email addresses as links?"
Search for that entry.
Use {excerpt} to display the result.

Error Messages


My email address is (JavaScript must be enabled to view this email address)/*= 0)out += decodeURIComponent(l[i].replace(/^\s\s*/, '&#'));while (--j >= 0)if (el[j].getAttribute('data-eeEncEmail_ZKvYhMmuXN'))el[j].innerHTML = out;/*]]>*/
so now you see JS code in search here now.

Screenshots / Videos / Template Code

Environment Details:

  • Version: 7.5.7
  • PHP Version any
  • MySQL Version any
  • OS: any
  • Web Server: any

Possible Solution
Dunno but somewhere in ExpressionEngine/system/ee/ExpressionEngine/Addons/search/mod.search.php

Additional context
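An added example (not code from this issue or from ExpressionEngine) showing why the script body survives `strip_tags()` and how an excerpt filter can remove script and style elements together with their contents before stripping tags. The sample HTML is constructed to imitate the shape of an auto-encoded address; the element id, variable names and the `safe_excerpt`/`naive_excerpt` function names are assumptions for illustration.

```php
<?php
// Constructed sample: visible fallback text followed by an inline <script>
// wrapped in a CDATA comment, roughly the shape of an auto-encoded email.
// The id and JS variable names are made up for this example.
$encoded_email_html = 'My email address is <span id="eeEncEmail_EXAMPLE">'
    . '<noscript>(JavaScript must be enabled to view this email address)</noscript></span>'
    . '<script type="text/javascript">/*<![CDATA[*/'
    . 'var l=new Array();l[0]=\'>\';l[1]=\'a\';/* ... */'
    . 'var i=l.length,out=\'\';while (--i >= 0)out += decodeURIComponent(l[i]);'
    . '/*]]>*/</script>';

// Naive approach: strip_tags() removes the tags themselves but keeps the text
// between them, so the script body is kept. It also treats "<![CDATA[" up to
// the next ">" as a single tag, which is why the leaked fragment starts with
// "/*= 0)out" in the report above.
function naive_excerpt(string $html): string
{
    return strip_tags($html);
}

// Hardened approach: remove whole script/style elements (including their
// contents) first, then strip the remaining tags and decode entities so the
// excerpt is plain text. The excerpt must still be escaped when output.
function safe_excerpt(string $html): string
{
    // Case-insensitive, dot matches newlines; \1 closes the same element name.
    $without_scripts = preg_replace(
        '#<(script|style)\b[^>]*>.*?</\1\s*>#is',
        '',
        $html
    );
    $text = strip_tags($without_scripts);
    $text = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Collapse whitespace left behind by the removed elements.
    return trim(preg_replace('/\s+/u', ' ', $text));
}

echo naive_excerpt($encoded_email_html), PHP_EOL; // script body still present
echo safe_excerpt($encoded_email_html), PHP_EOL;  // fallback text only
```

Running this with `php` prints the leaking excerpt first and the cleaned one second; the same regex pass placed before the existing `strip_tags()` call would be the minimal change for an excerpt filter.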

@intoeetive
Contributor

@nep can you share the template code that you use to display the results? I'm not exactly replicating this

@intoeetive intoeetive added the Bug: Unconfirmed Bug report that is not yet confirmed and/or is not reproducible. label May 4, 2025