From: Stefano Zacchiroli Date: Wed, 20 Apr 2005 08:45:32 +0000 (+0000) Subject: html-escapes user given expression when filling hidden field "expression" X-Git-Tag: after_svn_merge~35 X-Git-Url: http://matita.cs.unibo.it/gitweb/?a=commitdiff_plain;h=1616bc6fd4ed16b14e340a3e0070403fcbf70db9;p=helm.git html-escapes user given expression when filling hidden field "expression" in this way xml/html forbidden characters like "<" are converted to "<" and doesn't crash uwobo --- diff --git a/helm/searchEngine/searchEngine.ml b/helm/searchEngine/searchEngine.ml index d262029ed..341ace5cc 100644 --- a/helm/searchEngine/searchEngine.ml +++ b/helm/searchEngine/searchEngine.ml @@ -135,6 +135,9 @@ let patch_param param_name param_value url = else sprintf "%s&%s=%s" url param_name param_value + (** HTML encoding, e.g.: "<" -> "<" *) +let html_encode = Netencoding.Html.encode_from_latin1 + let send_results results ?(id_to_uris = CicTextualParser2.EnvironmentP3.of_string "") (req: Http_types.request) outchan @@ -197,7 +200,7 @@ let send_results results let subst = (tag "SEARCH_ENGINE_URL", my_own_url) :: (tag "ADVANCED", advanced) :: - (tag "EXPRESSION", req#param "expression") :: + (tag "EXPRESSION", html_encode (req#param "expression")) :: add_param_substs req#params @ (if advanced = "no" then [ tag "SIMPLE_CHECKED", "checked='true'"; @@ -293,7 +296,7 @@ let exec_action dbd (req: Http_types.request) outchan = tag "ADVANCED", advanced; tag "INTERPRETATIONS", html_interpretations; tag "CURRENT_CHOICES", req#param "choices"; - tag "EXPRESSION", req#param "expression"; + tag "EXPRESSION", html_encode (req#param "expression"); tag "QUERY_KIND", query_kind; tag "QUERY_SUMMARY", "disambiguation"; tag "ACTION", string_tail req#path ] @@ -311,6 +314,7 @@ let exec_action dbd (req: Http_types.request) outchan = in let module Disambiguate' = Disambiguate.Make(Chat) in let ast = CicTextualParser2.parse_term (Stream.of_string term_str) in + prerr_endline "prima della disambiguazione"; let (id_to_uris, metasenv, term) = match Disambiguate'.disambiguate_term dbd context metasenv ast id_to_uris @@ -318,6 +322,7 @@ let exec_action dbd (req: Http_types.request) outchan = | [id_to_uris,metasenv,term,_] -> id_to_uris,metasenv,term | _ -> assert false in + prerr_endline "dopo la disambiguazione"; let uris = match req#path with | "/match" -> MetadataQuery.match_term ~dbd term