🐛 Fixed escaping search terms that contain special characters (#18151)

fixes https://github.com/TryGhost/Ghost/issues/18133

Before, Sodo Search was not escaping search input before using the search terms in a regular expression, so using special characters could result in an invalid regular expression which would crash JavaScript.

As regular expressions date back to Perl, so does a standard solution for this, which is called quotemeta in Perl. It doesn't exist 1:1 in JavaScript, but StackOverflow had the answer: stackoverflow.com/questions/6318710/javascript-equivalent-of-perls-q-e-or-quotemeta

So a line of code is added to escape the special characters in the regex for passing them through. This is the same code that the quotemeta module on NPM would use.
Mark Stosberg 2023-09-20 04:17:21 -04:00 committed by GitHub
parent ccdda6f914
commit 7fa083d774
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -248,10 +248,12 @@ function PostListItem({post, selectedResult, setSelectedResult}) {
function getMatchIndexes({text, highlight}) {
let highlightRegexText = '';
highlight?.split(' ').forEach((d, idx) => {
// escape regex syntax in search queries
const e = String(d).replace(/\W/g, '\\&');
if (idx > 0) {
highlightRegexText += `|^` + d + `|\\s` + d;
highlightRegexText += `|^` + e + `|\\s` + e;
} else {
highlightRegexText = `^` + d + `|\\s` + d;
highlightRegexText = `^` + e + `|\\s` + e;
}
});
const matchRegex = new RegExp(`${highlightRegexText}`, 'ig');
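Review bot: the replacement string in `const e = String(d).replace(/\W/g, '\\&');` is missing the `$`, so each non-word character is replaced by the two literal characters `\&` rather than being prefixed with a backslash. JavaScript's `String.prototype.replace` treats only `$&` as "the matched substring"; a bare `&` is an ordinary character. The resulting pattern no longer throws in `new RegExp(...)`, so the crash is gone, but a term such as `c++` becomes `c\&\&` and matches `c&&` instead of the text the user typed, so highlighting silently fails for any term containing punctuation. Suggest `'\\$&'` as the replacement, plus a test asserting that a search term with special characters produces match indexes for that exact text.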