Blocking special characters in search

berni7473
Level 2

30-04-2019

Hi,

I have created a search component which performs a full-text search. I am able to perform a search for a string; however, if I search for a string with special characters the search is still working. I need to block the search from happening, i.e. if a user does a search with any special characters, the result should be a "Page not found" or a "Could not find what you're looking for" message.

The search component is created taking reference from the searchpromote component in AEM and it is in JSP.

Please let me know if there are any useful inputs on the same.

Regards,

Bernadine Soman


Accepted Solutions (1)

berni7473
Level 2

02-05-2019

Thanks Arun, I tried doing the same with regex expressions and it worked. Using Pattern and Matcher, I achieved the result I wanted. The key challenge here was that I was not able to separate the query string into actual characters and special characters, i.e. if I entered any string such as "Test$%$#&" the search would still happen; I wanted it to be blocked even before the string is encoded into a URL. Finally the following worked for me:

```java
// Raw "q" parameter taken from the query string.
String searchTerm = Search.getQueryParameter(search.getQueryString(), "q");
// Decode once, before validating, and guard against a missing parameter.
String decodedTerm = searchTerm != null ? URLDecoder.decode(searchTerm, "UTF-8") : "";
// Characters that block the search: < > ' / =
Pattern pattern = Pattern.compile("[<>'/=]");
Matcher m = pattern.matcher(decodedTerm);
boolean value = m.find();
pageContext.setAttribute("value", value);
// Expose the term only when it is non-blank, not "*", and has no blocked character.
pageContext.setAttribute("searchterm", StringUtils.isNotBlank(searchTerm) && !searchTerm.equals("*") && !value ? decodedTerm : "");
```

This is in the JSP of the component.

Thanks Everybody for your helpful insights.
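An added example, not part of the original post and not AEM code: the same decode-then-validate check written as an allowlist, so that strings such as "Test$%$#&" are blocked as well as the `<>'/=` set, and malformed or double-encoded input is rejected. The class name `SearchTermValidator`, the allowed character set and the 100-character limit are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Optional;
import java.util.regex.Pattern;

// Hypothetical helper (not an AEM class): validates the raw "q" value server side.
public class SearchTermValidator {
    // Allowlist (an assumption; adjust to the site's needs): letters, digits,
    // space, underscore, dot and hyphen, 1 to 100 characters.
    private static final Pattern ALLOWED = Pattern.compile("[\\p{L}\\p{N} _.-]{1,100}");

    // Returns the decoded term if it is safe to search for, otherwise empty.
    public static Optional<String> validate(String rawTerm) {
        if (rawTerm == null) {
            return Optional.empty();
        }
        final String decoded;
        try {
            // Decode exactly once, then validate the decoded form.
            decoded = URLDecoder.decode(rawTerm, "UTF-8");
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            // Malformed escapes such as "%zz" are rejected, not searched.
            return Optional.empty();
        }
        String term = decoded.trim();
        // '%' is outside the allowlist, so a double-encoded value such as
        // "%253Cscript%253E" (which decodes to "%3Cscript%3E") is rejected too.
        return ALLOWED.matcher(term).matches() ? Optional.of(term) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they would arrive URL-encoded.
        String[] samples = {
            "annual+report", "Test%24%25%24%23%26", "%3Cscript%3E",
            "%253Cscript%253E", "%zz", "*"
        };
        for (String s : samples) {
            System.out.println(s + " -> "
                + validate(s).map(t -> "search: " + t).orElse("blocked"));
        }
    }
}
```

In the JSP, an empty result would map to the "Could not find what you're looking for" message, and the term still needs HTML escaping wherever it is written back into the page.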

Answers (7)

Arun_Patidar
MVP

02-05-2019

Do you have your code snippet in /libs/cq/searchpromote/components/results/results.jsp? If yes, then you can try the approach below to update the code near line 36:

```java
if (search.getQueryString() != null) {
    Query query = search.getQuery();
    long totalResults = 0;
    long totalPages = 0;
    long resultsOnCurrentPage = 0;
    String currentPageNumber = "0";
    String searchTerm = Search.getQueryParameter(search.getQueryString(), "q");
    // Characters to block (the regex below checks for the same set).
    String iChars = "!@#$%^*";
    // Only run the query when the term contains none of the blocked characters.
    if (searchTerm != null && !searchTerm.matches(".*[!@#$%^*].*")) {
        totalResults = query.getTotalResults();
        resultsOnCurrentPage = search.getResults().size();
    }
    // ... remainder of the existing block in results.jsp
}
```

I didn't find any snippet and I did not try this, but you can give it a shot.

Maybe you need to check the match method with a debugger.

berni7473
Level 2

01-05-2019

Thanks for the insight. The check which you are saying for the special characters, that is exactly what I'm wanting to do. This is the snippet I have in the jsp:

```java
String searchTerm = Search.getQueryParameter(search.getQueryString(), "q");
pageContext.setAttribute("searchterm", StringUtils.isNotBlank(searchTerm) && !searchTerm.equals("*") ? URLDecoder.decode(searchTerm, "UTF-8") : "");
```

Now here before it goes to the pageContext I need to add a check, which is where I am struggling. Is there any snippet or any kind of reference which I can take to perform the special character check here?

Regards,

Bernadine Soman

Arun_Patidar
MVP

30-04-2019

On the AEM side you need to write a check for special characters in /libs/cq/searchpromote/components/init.jsp

I would recommend you to do it client side to avoid server side processing.

If you are facing the issue with URL encoding you can try decoding query before validating and please check regex as well.

Tryit Editor v3.6

Let me know if you need help with regex.

berni7473
Level 2

30-04-2019

I am already using the regex expression but then when I try any other string with special characters the search is still working.

I want to block the search for special characters in the query term itself from aem level.

berni7473
Level 2

30-04-2019

Not exactly, I want to block a few characters from the search. Suppose I have the query string as "text$#%file&*alert(1)", now when I search for this the special characters in the url are replaced by %22%32 or something like this because of the url decoder.

I want this to be blocked.

Arun_Patidar
MVP

30-04-2019

I think you can do this using front end (e.g. jquery or javascript).

For the search input field, apply regex validation or a special character check. If the input contains invalid characters, display an error page or some info; otherwise submit the form to get search results.

Veena_Vikram
MVP

30-04-2019

Do you want to restrict the special character search?