From 2518cff02cfe821767a1e263070171ea65339213 Mon Sep 17 00:00:00 2001 From: James Addison Date: Tue, 22 Oct 2024 19:47:54 +0100 Subject: [PATCH 1/4] search: use a `Map` instead of an object literal to collect file-term scores --- sphinx/themes/basic/static/searchtools.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sphinx/themes/basic/static/searchtools.js b/sphinx/themes/basic/static/searchtools.js index 2c774d17aff..7f7d4812459 100644 --- a/sphinx/themes/basic/static/searchtools.js +++ b/sphinx/themes/basic/static/searchtools.js @@ -547,7 +547,7 @@ const Search = { // set score for the word in each file recordFiles.forEach((file) => { - if (!scoreMap.has(file)) scoreMap.set(file, {}); + if (!scoreMap.has(file)) scoreMap.set(file, new Map()); scoreMap.get(file)[word] = record.score; }); }); From bd60b801bdb8954f324753557175034f9bd30480 Mon Sep 17 00:00:00 2001 From: James Addison Date: Tue, 22 Oct 2024 20:00:47 +0100 Subject: [PATCH 2/4] Add CHANGES.rst entry --- CHANGES.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 6cef031159d..891f1ae6efe 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -18,5 +18,9 @@ Features added Bugs fixed ---------- +* #13060: HTML Search: use ``Map`` instead of object literal to store + per-file term scores, to prevent prototype pollution. + Patch by James Addison + Testing ------- From 2a1a43ce4b4729795e8bd5bdcaa34488bb407d83 Mon Sep 17 00:00:00 2001 From: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Date: Thu, 24 Oct 2024 17:59:02 +0100 Subject: [PATCH 3/4] Update CHANGES.rst --- CHANGES.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 891f1ae6efe..b47f417e9a1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -18,8 +18,7 @@ Features added Bugs fixed ---------- -* #13060: HTML Search: use ``Map`` instead of object literal to store - per-file term scores, to prevent prototype pollution. +* #13060: HTML Search: use ``Map`` to store per-file term scores. Patch by James Addison Testing From 846fb4a2be04407d7e4a86309da26075c76b0190 Mon Sep 17 00:00:00 2001 From: James Addison Date: Thu, 24 Oct 2024 18:15:19 +0100 Subject: [PATCH 4/4] search: ensure that we use `Map.set` instead of assigning to a property of the object Ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#setting_object_properties Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> --- sphinx/themes/basic/static/searchtools.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sphinx/themes/basic/static/searchtools.js b/sphinx/themes/basic/static/searchtools.js index 7f7d4812459..aaf078d2b91 100644 --- a/sphinx/themes/basic/static/searchtools.js +++ b/sphinx/themes/basic/static/searchtools.js @@ -548,7 +548,8 @@ const Search = { // set score for the word in each file recordFiles.forEach((file) => { if (!scoreMap.has(file)) scoreMap.set(file, new Map()); - scoreMap.get(file)[word] = record.score; + const fileScores = scoreMap.get(file); + fileScores.set(word, record.score); }); }); @@ -587,7 +588,7 @@ const Search = { break; // select one (max) score for the file. - const score = Math.max(...wordList.map((w) => scoreMap.get(file)[w])); + const score = Math.max(...wordList.map((w) => scoreMap.get(file).get(w))); // add result to the result list results.push([ docNames[file],