SwiftPackageIndex-Server icon indicating copy to clipboard operation
SwiftPackageIndex-Server copied to clipboard

Published 20 hours ago verified publisher icon SwiftPackageIndex

Speech mark splits search input

Open Sherlouk opened this issue 3 years ago • 5 comments

Please describe the bug

If your search query includes a speech mark, then everything after (and including) the speech mark is then seemingly lost in the search box.

Explain the steps needed to reproduce the bug

  1. Navigate to to https://swiftpackageindex.com/search?query=test+%22+two
  2. See that the 'results for' section includes the full string, but the search box only has the the string before the speech mark.

What was the expected behaviour?

The search box should include the full query input string.

Screenshots

Screenshot 2021-12-01 at 2 05 23 pm

What web browser were you using? (if relevant)

  • Platform: Desktop
  • Browser: Chrome

Sherlouk avatar Dec 01 '21 14:12 Sherlouk

Identified here: https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/pull/1406#discussion_r760204998. The bug happens with/without filters.

Sherlouk avatar Dec 01 '21 14:12 Sherlouk

I've just had a look and this seems to be passed to the query as expected:

(lldb) po terms
▿ 1 element
  - 0 : "test\"two"

(lldb) po sanitizedTerms
▿ 1 element
  - 0 : "test\"two"

We can actually see it on the results page as well, it says Results for ”test"two“. So it seems to be roundtripping ok in principle.

@daveverwer , are we perhaps doing anything to the query in the search box at the Javascript level? I see some search related JS in search_filter_suggestions.js but that doesn't seem to touch the query input. It just deals with parsing out the filters.

finestructure avatar Jan 31 '22 14:01 finestructure

The bug here is because we set the field value verbatim.

<input id="query" name="query" type="search" placeholder="Search" spellcheck="false" autocomplete="off" data-gramm="false" data-focus="true" value="test " two">

See the mangled HTML at the end.

We need to escape speech marks before we put it in the HTML as the value otherwise it escapes itself out of the HTML attribute.

Sherlouk avatar Jan 31 '22 15:01 Sherlouk

Another way of looking at this is by opening this URL:

https://swiftpackageindex.com/search?query=test%22+disabled%3D%22true

This will disable the search prompt by taking advantage of the fact I can exit the scope of the value.

Sherlouk avatar Jan 31 '22 15:01 Sherlouk

This will disable the search prompt by taking advantage of the fact I can exit the scope of the value.

Ah, that makes sense. Thanks, James!

finestructure avatar Jan 31 '22 19:01 finestructure