Class: Jekyll::SearchForm

Inherits:
Object
  • Object
show all
Defined in:
lib/jekyll/FDroidSearchAutocompleteTag.rb

Class Method Summary collapse

Class Method Details

.render_form(context, search_form_template_path, result_item_template_contents) ⇒ Object 



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/jekyll/FDroidSearchAutocompleteTag.rb', line 20

def self.render_form(context, search_form_template_path, result_item_template_contents)
  site = context.registers[:site]
  repo_timestamp = FDroid::IndexV1.download(site.config['fdroid-repo'], 'en').repo.timestamp

  context['result_item_template'] = result_item_template_contents

  # If an app developer is able to guess this at the time that they write their app descriptions, then they could
  # potentially try and inject a new template which hijacks the search results template. This is due to the way in
  # which JS is used to find the relevant `<script type="x-tmpl-mustache" id="...-{{ search_id }}">` template.
  # Thus, make it random, and include the repo timestamp. They'd need to guess a random number correctly, and it
  # will change every day that the repo is republished.
  context['search_id'] = "#{rand(1000000)}.#{repo_timestamp}"

  context['repo_timestamp'] = repo_timestamp

  template = Liquid::Template.parse(IO.read((File.expand_path(search_form_template_path, File.dirname(__FILE__)))))
  template.render(context)
end