Unescaped HTML in snippets
I often have pieces of code (HTML, XML, etc.) in my posts. When Sphinx has a result within these code blocks, it outputs the corresponding snippets as unescaped HTML. The consequences may vary from distorted appearance to code injections…
I fixed it by adding htmlspecialchars to snippet generation in file sphinxsearch_frontend.php, function get_excerpt:
$excerpts[$i] = str_replace(
    array('{sphinx_after_match}', '{sphinx_before_match}'),
    array($sphinx_after_match, $sphinx_before_match),
    htmlspecialchars($excerpts[$i]) # <<< HERE!
);
Is it a bug in plugin code or a problem with my theme / other plugins?
https://www.ads-software.com/extend/plugins/wordpress-sphinx-plugin/
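The escape-then-substitute order used in the fix above, shown as an added example that is not part of the original post or the plugin's code. The function names, the `<b>` highlight tags and the sample excerpt are assumptions made for illustration; only the two placeholder strings come from the post.

```php
<?php
// Added example. render_excerpt_raw() and render_excerpt_escaped() are
// hypothetical names, not functions from the plugin.

// Behaviour described in the post: placeholders are replaced, but the
// excerpt text itself is passed to the page unescaped.
function render_excerpt_raw(string $excerpt, string $before, string $after): string
{
    return str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($after, $before),
        $excerpt
    );
}

// Fixed order: escape the untrusted excerpt first, then insert the trusted
// highlight tags. The placeholders contain only braces, letters and
// underscores, so htmlspecialchars() leaves them intact for str_replace().
function render_excerpt_escaped(string $excerpt, string $before, string $after): string
{
    // Explicit flags and charset so quotes are escaped as well and invalid
    // byte sequences do not turn the whole excerpt into an empty string.
    $safe = htmlspecialchars($excerpt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($after, $before),
        $safe
    );
}

// Constructed sample: an excerpt cut from a post that contains an HTML code
// listing, with the search hit wrapped in the placeholders.
$excerpt = 'wrap it in <table class="grid"><tr><td>'
         . '{sphinx_before_match}cell{sphinx_after_match} and never close the tags';

$before = '<b>';   // assumed highlight markup
$after  = '</b>';

// The raw version emits a live, unclosed <table> into the results page.
echo render_excerpt_raw($excerpt, $before, $after), "\n";

// The escaped version shows the listing as text; only <b>...</b> is markup.
echo render_excerpt_escaped($excerpt, $before, $after), "\n";
```

Escaping after the substitution instead would also escape the highlight tags, which is why the `htmlspecialchars` call wraps the excerpt argument rather than the result of `str_replace`.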