
Escape search query correctly and fix pagination

This closes #1.
master
Perception 3 months ago
parent
commit
6354a6b7e8
3 changed files with 9 additions and 4 deletions
  1. +3
    -1
      page.js
  2. +1
    -1
      routes/search.js
  3. +5
    -2
      templates/_search.ejs

+ 3
- 1
page.js View File

@ -1,6 +1,7 @@
const fs = require('fs')
const ejs = require('ejs')
const Bluebird = require('bluebird')
const {htmlEscape, htmlUnescape} = require('escape-goat')
const readFileAsync = Bluebird.promisify(fs.readFile)
@ -8,7 +9,8 @@ async function render(name, data) {
const tmplPath = `${__dirname}/templates/${name}.ejs`
const buffer = await readFileAsync(tmplPath)
const tmpl = buffer.toString()
return ejs.render(tmpl, data, {
const context = Object.assign({ htmlEscape, htmlUnescape }, data)
return ejs.render(tmpl, context, {
views: [ `${__dirname}/templates` ]
})
}
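Review bot: `Object.assign({ htmlEscape, htmlUnescape }, data)` on the new context line lets any key in `data` silently replace the helpers, so a route that passes a property named `htmlEscape` would swap the escaper out from under every template instead of failing loudly; putting the helpers last, `const context = Object.assign({}, data, { htmlEscape, htmlUnescape })`, makes them non-overridable. `htmlUnescape` is also exposed to every template although nothing in this commit uses it; an unescape helper in template scope makes it easy to emit raw markup, so unless some template needs it, exporting only `htmlEscape` is the narrower surface. The enclosing `render` function starts above this hunk.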


+ 1
- 1
routes/search.js View File

@ -36,7 +36,7 @@ module.exports.GET = async (req, res) => {
}
// Search, if we have a query.
const path = `/search?q=${url.search.q}&`
const path = `/search?q=${encodeURIComponent(url.search.q)}&`
const {limit, offset} = pagination.getValuesToPaginate({ currentPage: p, perPage: PER_PAGE })
const q2 = safeQuery(q)
const results = await ds.search(db, q2, limit, offset)
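Review bot: The pagination prefix on the changed line encodes `url.search.q`, but the query actually executed two lines later is `q` (defined above this hunk) passed through `safeQuery`; if `q` is derived from `url.search.q` with any trimming or normalisation, the page links re-submit the raw value and page 2 can search for something different from page 1. Building the prefix from the same value, `const path = \`/search?q=${encodeURIComponent(q)}&\``, keeps the two in step. Note also that `encodeURIComponent` encodes a space as `%20` while a GET form encodes it as `+`, so whatever parser produces `url.search` has to decode both forms consistently or the same search will look different depending on whether it arrived from the form or from a page link. The enclosing `GET` handler starts outside the hunk.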


+ 5
- 2
templates/_search.ejs View File

@ -8,8 +8,11 @@
<div class="row" >
<form method="GET" action="/search" >
<div class="eight columns" >
<% let search = typeof q == 'undefined' ? '' : q %>
<input type="text" name="q" value="<%= search %>" class="u-full-width" />
<%
let search = typeof q == 'undefined' ? '' : q;
search = htmlEscape(q).replace(/\+/g, ' ')
%>
<input type="text" name="q" value="<%- search %>" class="u-full-width" />
</div>
<div class="four columns" >
<input type="submit" class="button-primary" value="Search" />
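Review bot: The `typeof q == 'undefined'` guard on the first new line is dead code, because the next line calls `htmlEscape(q)` unconditionally and escape-goat's `htmlEscape` is not written to accept `undefined` (it indexes its argument and will throw); escape the guarded value instead: `search = htmlEscape(search).replace(/\+/g, ' ')`. Switching the attribute to `<%- %>` is also unnecessary: `<%= %>` already HTML-escapes `&`, `<`, `>`, `"` and `'`, so `<%= search.replace(/\+/g, ' ') %>` keeps the template engine's auto-escaping rather than relying on a manual call that is easy to drop in a later edit. The `+`-to-space rewrite is lossy as well, a query such as `C++` is redisplayed as `C  `; if the parser behind `q` leaves form-encoded `+` in place, decoding it there (distinguishing `%2B` from `+`) fixes both the display and the executed search instead of patching the template.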

