Support » Plugins and Hacks » Unescaped HTML in snippets

Unescaped HTML in snippets

  • I often have pieces of code (HTML, XML, etc) in my posts. When Sphinx has a result within these code blocks it outputs corresponding snippets as unescaped HTML. The cosequences may vary from distorted appearance to code injections…

    I fixed it by adding htmlspecialchars to snippet generation in file sphinxsearch_frontend.php, function get_excerpt:

    $excerpts[$i] = str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($sphinx_after_match, $sphinx_before_match),
        htmlspecialchars($excerpts[$i]) # <<< HERE!

    Is it a bug in plugin code or a problem with my theme / other plugins?


  • The topic ‘Unescaped HTML in snippets’ is closed to new replies.