From 7fe7de329c773d9b0f90af662eeca32b409dad08 Mon Sep 17 00:00:00 2001
From: Jaifroid <egk10@cam.ac.uk>
Date: Wed, 1 Jan 2020 10:33:14 +0000
Subject: [PATCH] Port upstream PR that allows use of special characters in
 search

Former-commit-id: 4c2ba23b7f81e50f64421a3c078c406e9c4fac72 [formerly 558243560bf19d0cfe5951deafce9e8b80c5783b]
Former-commit-id: 7c3b7a3f4a942813118f95a80c9506e7de9e5e07
---
 www/js/app.js        |  3 ++-
 www/js/lib/uiUtil.js | 26 +++++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/www/js/app.js b/www/js/app.js
index c0e54c38..3bf48316 100644
--- a/www/js/app.js
+++ b/www/js/app.js
@@ -2256,7 +2256,8 @@ define(['jquery', 'zimArchiveLoader', 'uiUtil', 'util', 'utf8', 'images', 'cooki
             var listLength = dirEntryArray.length < MAX_SEARCH_RESULT_SIZE ? dirEntryArray.length : MAX_SEARCH_RESULT_SIZE;
             for (var i = 0; i < listLength; i++) {
                 var dirEntry = dirEntryArray[i];
-                articleListDivHtml += '<a href="#" dirEntryId="' + dirEntry.toStringId().replace(/'/g, '&apos;') +
+                var dirEntryStringId = uiUtil.htmlEscapeChars(dirEntry.toStringId());
+                articleListDivHtml += '<a href="#" dirEntryId="' + dirEntryStringId +
                     '" class="list-group-item">' + dirEntry.getTitleOrUrl() + '</a>';
             }
             articleListDiv.innerHTML = articleListDivHtml;
diff --git a/www/js/lib/uiUtil.js b/www/js/lib/uiUtil.js
index a8518025..d50f8ed4 100644
--- a/www/js/lib/uiUtil.js
+++ b/www/js/lib/uiUtil.js
@@ -500,6 +500,29 @@ define(['util'], function(util) {
             return rect.top < window.innerHeight + (offset > 0 ? offset : 0) && rect.bottom > 0 + (offset < 0 ? offset : 0) && rect.left < window.innerWidth && rect.right > 0;
     }
 
+    /**
+     * Encodes the html escape characters in the string before using it as html class name,id etc.
+     * 
+     * @param {String} string The string in which html characters are to be escaped
+     * 
+     */
+    function htmlEscapeChars(string) {
+        var escapechars = {
+            '&': '&amp;',
+            '<': '&lt;',
+            '>': '&gt;',
+            '"': '&quot;',
+            "'": '&#39;',
+            '/': '&#x2F;',
+            '`': '&#x60;',
+            '=': '&#x3D;'
+        };
+        string = String(string).replace(/[&<>"'`=/]/g, function (s) {
+            return escapechars[s];
+        });
+        return string;
+    }
+
     /**
      * Functions and classes exposed by this module
      */
@@ -519,6 +542,7 @@ define(['util'], function(util) {
         displayFileDownloadAlert: displayFileDownloadAlert,
         insertBreakoutLink: insertBreakoutLink,
         extractHTML: extractHTML,
-        systemAlert: systemAlert
+        systemAlert: systemAlert,
+        htmlEscapeChars: htmlEscapeChars
     };
 });