Sanitize search text in bootstrap table (#3609)

* Sanitize search text in bootstrap table * Clean search query on the server side before rendering search page template - Refactor existing sanitizing code into functions * Make ASCII and Unicode cleaning optional
2025-07-01 03:00:54 +00:00 · 2022-08-25 14:10:39 +10:00
parent e8621a97bc
commit 8fa67b8671
5 changed files with 80 additions and 50 deletions
--- a/InvenTree/templates/js/translated/tables.js
+++ b/InvenTree/templates/js/translated/tables.js
@ -346,7 +346,9 @@ function convertQueryParameters(params, filters) {
    if ('original_search' in params) {
        var search = params['search'] || '';

-        params['search'] = search + ' ' + params['original_search'];
+        var clean_search = sanitizeInputString(search + ' ' + params['original_search']);
+
+        params['search'] = clean_search;

        delete params['original_search'];
    }