    Reply To: catalog search xss vulnerability

    #19361

    Bart

    Try this:

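    /**
     * Retrieve HTML escaped search query
     *
     * @return string|false false when the query contains characters outside the allowlist
     */
    public function getEscapedQueryText()
    {
        // Read the query through the helper's getter; a bare $_queryText is an undefined local here
        $queryText = $this->getQueryText();
        // Allowlist: letters, digits, spaces and hyphens only
        if (!preg_match('/^[a-z A-Z 0-9 -]+$/', $queryText)) {
            return false;
        }
        return $this->htmlEscape($queryText);
    }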