mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-24 03:14:03 +03:00
🐛 Fixed escaping search terms that contain special characters (#18151)
fixes https://github.com/TryGhost/Ghost/issues/18133 Before, Sodo Search was not escaping search input before using the search terms in a regular expression, so using special characters could result in an invalid regular expression which would crash JavaScript. As regular expressions date back to Perl, so does a standard solution for this, which called quotemeta in Perl. It doesn't exist 1:1 in JavaScript, but StackOverflow had the answer: stackoverflow.com/questions/6318710/javascript-equivalent-of-perls-q-e-or-quotemeta So a line of code is added to escape the special characters in the regex for passing them through. This is the same code that the quotemeta module on NPM would use.
This commit is contained in:
parent
ccdda6f914
commit
7fa083d774
@ -248,10 +248,12 @@ function PostListItem({post, selectedResult, setSelectedResult}) {
|
||||
function getMatchIndexes({text, highlight}) {
|
||||
let highlightRegexText = '';
|
||||
highlight?.split(' ').forEach((d, idx) => {
|
||||
// escape regex syntax in search queries
|
||||
const e = String(d).replace(/\W/g, '\\&');
|
||||
if (idx > 0) {
|
||||
highlightRegexText += `|^` + d + `|\\s` + d;
|
||||
highlightRegexText += `|^` + e + `|\\s` + e;
|
||||
} else {
|
||||
highlightRegexText = `^` + d + `|\\s` + d;
|
||||
highlightRegexText = `^` + e + `|\\s` + e;
|
||||
}
|
||||
});
|
||||
const matchRegex = new RegExp(`${highlightRegexText}`, 'ig');
|
||||
|
Loading…
Reference in New Issue
Block a user