Bug #8284

Search parameters entered by user should not be escaped when returned in the search box.

Added by Dan Gillean about 7 years ago. Updated about 7 years ago.

Status:VerifiedStart date:04/15/2015
Priority:MediumDue date:
Assignee:Dan Gillean% Done:

0%

Category:Search / Browse
Target version:Release 2.2.0
Google Code Legacy ID: Tested version:2.2
Sponsored:No Requires documentation:

Description

To reproduce
  • In the global search box, enter a phrase in quotations to search exactly - e.g. "vancouver special"
  • Press enter
Resulting error
  • When the page reloads with results, the search box input is now escaped, and appears as:
    "vancouver special"
    
  • If you press enter again, and resubmit the query, it will keep escaping the escaped ampersand character, like so:
    "vancouver special"
    

While I got no results the first time, pressing enter again returns results - meaning that the escaped characters are not being interpreted as quotations when resubmitted to elasticsearch, and "vancouver" OR "special" is now being searched.

Expected behavior
Ideally, we can find a way to make sure that the search query is preserved, without mitigating the security protections provided by #7647.

History

#1 Updated by José Raddaoui Marín about 7 years ago

  • Status changed from New to QA/Review
  • Assignee changed from José Raddaoui Marín to Dan Gillean

#2 Updated by Dan Gillean about 7 years ago

  • Status changed from QA/Review to Verified

AMAZING THX

Also available in: Atom PDF