From 924f6783432e98f954a8ff7f544c28cceeb73e18 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Wed, 4 Sep 2013 15:07:41 +0200
Subject: [PATCH] OO-754: escape the highlighted text (prevent html code or xml
 code to break our layout)

---
 .../org/olat/search/service/searcher/SearchResultsImpl.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/olat/search/service/searcher/SearchResultsImpl.java b/src/main/java/org/olat/search/service/searcher/SearchResultsImpl.java
index a18069ce0ca..783e3470e35 100644
--- a/src/main/java/org/olat/search/service/searcher/SearchResultsImpl.java
+++ b/src/main/java/org/olat/search/service/searcher/SearchResultsImpl.java
@@ -41,6 +41,7 @@ import org.apache.lucene.search.TopDocs;
 import org.apache.lucene.search.highlight.Highlighter;
 import org.apache.lucene.search.highlight.InvalidTokenOffsetsException;
 import org.apache.lucene.search.highlight.QueryScorer;
+import org.apache.lucene.search.highlight.SimpleHTMLEncoder;
 import org.apache.lucene.search.highlight.SimpleHTMLFormatter;
 import org.olat.core.commons.persistence.DBFactory;
 import org.olat.core.commons.services.search.AbstractOlatDocument;
@@ -244,7 +245,8 @@ public class SearchResultsImpl implements SearchResults {
 	 * @throws IOException
 	 */
 	private void doHighlight(Query query, Analyzer analyzer, Document doc, ResultDocument resultDocument) throws IOException {
-		Highlighter highlighter = new Highlighter(new SimpleHTMLFormatter(HIGHLIGHT_PRE_TAG,HIGHLIGHT_POST_TAG) , new QueryScorer(query));
+		Highlighter highlighter = new Highlighter(new SimpleHTMLFormatter(HIGHLIGHT_PRE_TAG,HIGHLIGHT_POST_TAG) ,
+				new SimpleHTMLEncoder(), new QueryScorer(query));
 		// Get 3 best fragments of content and seperate with a "..."
 		try {
 			//highlight content
-- 
GitLab