From a038f068ab79767c4c1c5093af4feb7bed89ecc1 Mon Sep 17 00:00:00 2001
From: rrajoria <88024787+rrajoria@users.noreply.github.com>
Date: Wed, 21 Sep 2022 14:26:12 +0530
Subject: [PATCH] Encoding to handle XSS (#1409)
---
 .../webscripts/org/alfresco/slingshot/search/search.get.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/amps/share-services/src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.get.js b/amps/share-services/src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.get.js
index aebd5ac93b..89a5efaf69 100644
--- a/amps/share-services/src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.get.js
+++ b/amps/share-services/src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.get.js
@@ -14,7 +14,7 @@ function main()
 maxResults: (args.maxResults !== null) ? parseInt(args.maxResults, 10) : DEFAULT_MAX_RESULTS,
 pageSize: (args.pageSize !== null) ? parseInt(args.pageSize, 10) : DEFAULT_PAGE_SIZE,
 startIndex: (args.startIndex !== null) ? parseInt(args.startIndex, 10) : 0,
- facetFields: args.facetFields,
+ facetFields: encodeURIComponent(args.facetFields),
 filters: args.filters,
 encodedFilters: args.encodedFilters,
 spell: (args.spellcheck !== null) ? (args.spellcheck == "true") : false
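Review bot: The new `facetFields` line calls `encodeURIComponent` unconditionally, although the neighbouring `maxResults`, `pageSize` and `startIndex` entries all test `args.X !== null` first; if the parameter is absent, the call turns null into the string `"null"`, which the consumer would probably treat as a real facet field. Guard it the same way: `facetFields: (args.facetFields !== null) ? encodeURIComponent(args.facetFields) : null,`. Percent-encoding also rewrites `,`, `:`, `{` and `}`, so if the code that reads `facetFields` (outside this hunk) splits a comma-separated list or expects qualified field names, multi-facet requests may stop matching. Encoding the value at the point where it is written into the response is the more dependable XSS control and leaves the query input intact. `filters` and `encodedFilters` on the following lines come from the same request args and are still passed through unencoded, so it is worth confirming whether they reach the same output path; the body of `main()` continues outside the hunk.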