search query must be escaped
CarstenLeue opened this issue · 0 comments
CarstenLeue commented
In var searchParams = "q=*:*&fl=name,id&wt=json&fq=classification:content-type&fq=name:" + contentTypeName;
the value of the fq parameter needs to be escaped:
- the name of the content type represents a Solr query, so we need to apply Solr escaping
- the result must be escaped using encodeURIComponent since it is a query parameter
For Solr escaping the is no standard javascript method afaik, the equivalent java code is:
private static final String escapeQueryChars(final String s) {
final StringBuilder sb = new StringBuilder();
for (int i = 0; i < s.length(); i++) {
final char c = s.charAt(i);
// These characters are part of the query syntax and must be escaped
if ((c == '\\') || (c == '+') || (c == '-') || (c == '!') || (c == '(') || (c == ')') || (c == ':')
|| (c == '^') || (c == '[') || (c == ']') || (c == '\"') || (c == '{') || (c == '}') || (c == '~')
|| (c == '*') || (c == '?') || (c == '|') || (c == '&') || (c == ';') || (c == '/')
|| Character.isWhitespace(c)) {
sb.append('\\');
}
sb.append(c);
}
return sb.toString();
}