From 35fb6c3c046c5ad0ee6721c432fed641eeb2b8ff Mon Sep 17 00:00:00 2001
From: Seth
Date: Fri, 24 Sep 2021 12:59:30 -0400
Subject: [PATCH] Filter quicksearch input for XSS in all cases; make general filtering pref default to active in app.conf; had been disabled for performance reasons and due to user complaints; now leave it up to user to opt-put.
---
 app/conf/app.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/app/conf/app.conf b/app/conf/app.conf
index e12073a23a..e8c5731b1c 100755
--- a/app/conf/app.conf
+++ b/app/conf/app.conf
@@ -2099,6 +2099,15 @@ service_controllers_directory = /service/controllers
 service_default_action = /search/rest/doSearch
 service_view_path = /service/views
+# -----------------------------------
+# Filtering of text input
+#
+# Set to filter all entered data through HTMLPurifier
+# removing any potentially dangerous markup. This is generally
+# a good thing, but significantly impacts performance. You may
+# wish to disable it if all user input is trusted.
+# -----------------------------------
+purify_all_text_input = 1
 # -----------------------------------
 # Paths to other config files
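Review bot: The new comment block invites administrators to turn `purify_all_text_input` off when input is trusted, but it does not say what remains filtered with it off, which is exactly what they need to weigh that trade-off. The commit subject says quicksearch input is now filtered for XSS in all cases, yet the diffstat shows only app.conf changed, so that code change is not part of this patch and should be confirmed as landing in a separate commit before this comment relies on it. Once confirmed, add to the comment `# Quicksearch input is always filtered regardless of this setting;` followed by `# other submitted text is only filtered when this is enabled.` so the performance decision is made with the exposure in view. The accepted values are also not stated; presumably 0/1 as for a boolean flag, which a short `# 0 = disabled, 1 = enabled` line would make explicit. Whether the hunk ends at the `# Paths to other config files` line cannot be told from the collapsed text, so blank context lines may have been lost in the reformat.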