Hi,
I have created a search component which performs a full-text search. I am able to perform a search for a string; however, if I search for a string with special characters the search is still working. I need to block the search from happening, i.e. if a user does a search with any special characters, the result should be a "Page not found" or a "Could not find what you're looking for" message.
The search component was created taking reference from the searchpromote component in AEM and it is in JSP.
Please let me know if there are any useful inputs on the same.
Regards,
Bernadine Soman
smacdonald2008 Veena_07 Arun Patidar
Do you want to restrict the special character search?
I think you can do this using the front end (e.g. jQuery or JavaScript).
For the search input field, apply regex validation or a special character check; if the input contains invalid characters, display an error page or some info, otherwise submit the form to get search results.
Not exactly, I want to block a few characters from the search. Suppose I have the query string as "text$#%file&*alert(1)"; now when I search for this, the special characters in the URL are replaced by %22%32 or something like this because of the URL decoder.
I want this to be blocked.
I am already using the regex expression, but when I try any other string with special characters the search is still working.
I want to block the search for special characters in the query term itself at the AEM level.
At the AEM side you need to write a check for special characters in /libs/cq/searchpromote/components/init.jsp
I would recommend you do it client side to avoid server-side processing.
If you are facing the issue with URL encoding, you can try decoding the query before validating, and please check the regex as well.
Let me know if you need help with the regex.
Thanks for the insight. The check you are describing for the special characters is exactly what I want to do. This is the snippet I have in the JSP:
String searchTerm = Search.getQueryParameter(search.getQueryString(),"q");
pageContext.setAttribute("searchterm",StringUtils.isNotBlank(searchTerm) && !searchTerm.equals("*") ? URLDecoder.decode(searchTerm, "UTF-8") : "");
Now here before it goes to the pageContext I need to add a check, which is where I am struggling. Is there any snippet or any kind of reference which I can take to perform the special character check here?
Regards,
Bernadine Soman
Do you have your code snippet in /libs/cq/searchpromote/components/results/results.jsp? If yes, then you can try the approach below to update the code near line 36:
if (search.getQueryString() != null) {
    Query query = search.getQuery();
    long totalResults = 0;
    long totalPages = 0;
    long resultsOnCurrentPage = 0;
    String currentPageNumber = "0";
    String searchTerm = Search.getQueryParameter(search.getQueryString(), "q");
    String iChars = "!@#$%^*";
    // Only run the query when the term is present and contains none of these characters.
    if (searchTerm != null && !searchTerm.matches(".*[!@#$%^*].*"))
    {
        totalResults = query.getTotalResults();
        resultsOnCurrentPage = search.getResults().size();
    }
}
I didn't find any snippet and I did not try this, but you can give it a shot.
Maybe you need to check the match method with a debugger.
Thanks Arun, I tried doing the same with regex expressions and it worked. Using the Pattern and Matcher, I achieved the result I wanted. The key challenge here was that I was not able to separate the query string into actual characters and special characters, i.e. if I entered any string such as "Test$%$#&" the search would still happen; I wanted it to be blocked even before the string is encoded into a URL. Finally the following worked for me:
// Read the raw "q" parameter from the query string.
String searchTerm = Search.getQueryParameter(search.getQueryString(), "q");
// Decode once; guard against a missing parameter, since URLDecoder.decode throws on null.
String decodedTerm = searchTerm != null ? URLDecoder.decode(searchTerm, "UTF-8") : "";
// Characters that block the search.
Pattern pattern = Pattern.compile("[<>'/=]");
Matcher m = pattern.matcher(decodedTerm);
boolean value = m.find();
pageContext.setAttribute("value", value);
pageContext.setAttribute("searchterm", StringUtils.isNotBlank(searchTerm) && !searchTerm.equals("*") && !value ? decodedTerm : "");
This is in JSP of the component.
Thanks Everybody for your helpful insights.
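An added example, not code from any poster in this thread: a plain-Java server-side check that decodes the term once, rejects malformed percent-escapes, and compares the thread's blocklist `[<>'/=]` with an allowlist. The class name `SearchTermCheck`, the method `accept`, the `ALLOWED` pattern and the sample terms are assumptions made for illustration, and the term is assumed to arrive still percent-encoded, as in the snippets above.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.regex.Pattern;

public class SearchTermCheck {
    // Blocklist taken from the accepted answer in this thread.
    static final Pattern BLOCKED = Pattern.compile("[<>'/=]");
    // Assumed allowlist: letters, digits, space, dot, underscore, hyphen; 1 to 100 characters.
    static final Pattern ALLOWED = Pattern.compile("[\\p{L}\\p{N} ._-]{1,100}");

    /** Returns the decoded term if it may be searched, or "" if the search must be blocked. */
    static String accept(String rawTerm, Pattern rule, boolean ruleIsAllowlist) {
        if (rawTerm == null || rawTerm.trim().isEmpty() || rawTerm.equals("*")) {
            return "";
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(rawTerm, "UTF-8");
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            // A malformed escape such as "%$#" makes decode() throw: treat it as blocked.
            return "";
        }
        // Allowlist: the whole term must match. Blocklist: no listed character may occur.
        boolean ok = ruleIsAllowlist ? rule.matcher(decoded).matches()
                                     : !rule.matcher(decoded).find();
        return ok ? decoded : "";
    }

    public static void main(String[] args) {
        // Constructed sample terms, shown as they would appear in the query string.
        String[] samples = { "annual report", "Test$%$#&", "Test%24%23%26", "%3Cb%3Ex", "*" };
        for (String s : samples) {
            System.out.printf("%-16s blocklist=[%s] allowlist=[%s]%n",
                    s, accept(s, BLOCKED, false), accept(s, ALLOWED, true));
        }
    }
}
```

With these samples, `Test%24%23%26` decodes to `Test$#&`, which the blocklist lets through and the allowlist rejects; the value placed in `searchterm` still needs HTML escaping when the JSP writes it back to the page.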