Last modified by Super Admin on 2026/03/22 00:39

From version Icon 25.1 Icon
edited by XWikiGuest
on 2026/03/10 22:20
Change comment: There is no comment for this version
To version Icon 27.1 Icon
edited by Super Admin
on 2026/03/12 12:20
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
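--- a/Author
+++ b/Author
@@ -1,1 +1,1 @@
-XWiki.XWikiGuest
+XWiki.superadmin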
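--- a/Content
+++ b/Content
@@ -118,6 +118,13 @@
 
 <script>
 (function() {
+ // XSSエスケープ関数
+ function escapeHtml(s) {
+ var div = document.createElement('div');
+ div.appendChild(document.createTextNode(s));
+ return div.innerHTML;
+ }
+
  // 学校マスターデータをJSON APIから取得
  var schools = [];
  var schoolsLoaded = false;
@@ -161,11 +161,11 @@
  var li = document.createElement('li');
  li.className = 'search-result-item';
  li.innerHTML =
- '<div class="search-result-name">' + s.name + '</div>' +
+ '<div class="search-result-name">' + escapeHtml(s.name) + '</div>' +
  '<div class="search-result-info">' +
- s.pref + ' ' + s.city + ' ・ ' + s.type + '(' + s.est + ')' +
+ escapeHtml(s.pref) + ' ' + escapeHtml(s.city) + ' ・ ' + escapeHtml(s.type) + '(' + escapeHtml(s.est) + ')' +
  '</div>' +
- '<div class="search-result-code">' + s.code + '</div>';
+ '<div class="search-result-code">' + escapeHtml(s.code) + '</div>';
  li.onclick = function() { selectSchool(s); };
  resultsList.appendChild(li);
  });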
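Review bot: `escapeHtml` serialises a text node through `div.innerHTML`, which encodes `&`, `<` and `>` but leaves `"` and `'` as they are, so it is only safe in the element-text positions where the second hunk uses it; a comment on the helper such as `// Text content only: quotes are not encoded, never use inside an attribute value` would stop a later caller from reusing it in an attribute. The row in the second hunk is still assembled as an HTML string and assigned to `li.innerHTML`, so any field added later without the wrapper reopens the injection; building the three `div`s with `createElement` and `textContent` removes the markup parsing altogether, as sketched below. The callback that renders each result starts and ends outside the hunk, and the code that fills `schools` from the JSON API is not visible, so the fields should be treated as untrusted. The page record also shows version 25.1 of this script-bearing page saved by XWikiGuest, so it is worth confirming that guest edit rights on the page are intended.

```javascript
var li = document.createElement('li');
li.className = 'search-result-item';
// Build the children as DOM nodes; textContent never parses markup.
[
  ['search-result-name', s.name],
  ['search-result-info', s.pref + ' ' + s.city + ' ・ ' + s.type + '(' + s.est + ')'],
  ['search-result-code', s.code]
].forEach(function(row) {
  var cell = document.createElement('div');
  cell.className = row[0];
  cell.textContent = row[1];
  li.appendChild(cell);
});
// … unchanged: li.onclick handler and resultsList.appendChild(li) …
```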