mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 18:32:41 +01:00
phorge-phorge/src/applications/search
epriestley 88ae246593 Write search bolding in a way which is certainly HTML-safe
Summary:
This algorithm is tricky, and uses `phutil_safe_html()` directly, which makes it potentially unsafe.

In particular, D8859 fixes a bug with it which caused it to produce non-utf8 output. This doesn't guarantee it's a security problem, but does make it suspicious.

I don't actually see a way to break it, but rewrite it so that it's absolutely bulletproof and does not need to call `phutil_safe_html()`.

Test Plan:
{F147487}

@rugabarbo, if you have a chance, can you check if this still works for you?

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, rugabarbo

Differential Revision: https://secure.phabricator.com/D8862
2014-04-26 12:44:16 -07:00
application Use ApplicationSearch to power primary search 2014-02-03 12:52:47 -08:00
config Use ApplicationSearch to power primary search 2014-02-03 12:52:47 -08:00
constants Replace "search scope" with selectable default behavior 2014-02-03 14:29:49 -08:00
controller Implement PhabricatorApplicationTransactionInterface in Differential 2014-04-17 16:03:24 -07:00
engine Provide viewer to CustomFields in ApplicationSearch 2014-03-25 14:02:18 -07:00
index Use ApplicationTransactions/CustomField to power Differential global search 2014-02-26 11:18:06 -08:00
interface Provide PhabricatorSavedQuery to renderResultsList() 2013-07-03 05:46:04 -07:00
management Perform search indexing in the worker queue and respect bin/search index --background 2014-01-14 13:22:56 -08:00
query Put "Task" first on global search result type list 2014-04-24 08:11:13 -07:00
selector Delete license headers from files 2012-11-05 11:16:51 -08:00
storage Partially use ApplicationSearch in main search 2014-02-03 12:51:08 -08:00
view Write search bolding in a way which is certainly HTML-safe 2014-04-26 12:44:16 -07:00
worker Perform search indexing in the worker queue and respect bin/search index --background 2014-01-14 13:22:56 -08:00