search error handling & sanitize input for default fulltext

2025-06-05 09:28:45 +02:00 · 2019-04-02 22:52:42 +02:00 · 2019-04-02 22:52:42 +02:00 · ef1b32d586
commit ef1b32d586
parent fe3a0bc756
3 changed files with 22 additions and 5 deletions
--- a/src/public/javascripts/services/search_notes.js
+++ b/src/public/javascripts/services/search_notes.js
@ -80,12 +80,17 @@ async function doSearch(searchText) {
        return;
    }

-    const results = await server.get('search/' + encodeURIComponent(searchText));
+    const response = await server.get('search/' + encodeURIComponent(searchText));
+
+    if (!response.success) {
+        infoService.showError("Search failed.", 3000);
+        return;
+    }

    $searchResultsInner.empty();
    $searchResults.show();

-    for (const result of results) {
+    for (const result of response.results) {
        const link = $('<a>', {
            href: 'javascript:',
            text: result.title
--- a/src/routes/api/search.js
+++ b/src/routes/api/search.js
@ -9,7 +9,17 @@ const searchService = require('../../services/search');
 async function searchNotes(req) {
    const noteIds = await searchService.searchForNoteIds(req.params.searchString);

-    return noteIds.map(noteCacheService.getNotePath).filter(res => !!res);
+    try {
+        return {
+            success: true,
+            results: noteIds.map(noteCacheService.getNotePath).filter(res => !!res)
+        }
+    }
+    catch {
+        return {
+            success: false
+        }
+    }
 }

 async function searchFromNote(req) {
--- a/src/services/parse_filters.js
+++ b/src/services/parse_filters.js
@ -45,18 +45,20 @@ function calculateSmartValue(v) {
 module.exports = function (searchText) {
    // if the string doesn't start with attribute then we consider it as just standard full text search
    if (!searchText.trim().startsWith("@")) {
+        const sanitizedSearchText = searchText.replace(/[^\w ]+/g, "");
+
        return [
            {
                relation: 'and',
                name: 'text',
                operator: '=',
-                value: searchText
+                value: sanitizedSearchText
            },
            {
                relation: 'or',
                name: 'noteId',
                operator: '=',
-                value: searchText
+                value: sanitizedSearchText
            }
        ]
    }