From bec914c5f2407aaf6470adfb393124a50e3241a0 Mon Sep 17 00:00:00 2001
From: Rhys St Romaine
Date: Wed, 23 Oct 2024 14:56:23 +0100
Subject: [PATCH 1/3] Add special characters to whitelist
---
 data/string.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/string.go b/data/string.go
index 42b904ef..518dc1ff 100644
--- a/data/string.go
+++ b/data/string.go
@@ -50,7 +50,7 @@ func checkForNonSpaceCharacters(ctx context.Context, queryString string) error {
 }
 func checkForSpecialCharacters(ctx context.Context, str string) error {
- re := regexp.MustCompile("[[:^ascii:]]")
+ re := regexp.MustCompile("[[:^ascii:]&&[^–‘’]]")
 match := re.MatchString(str)
From 65d41be3c7d586458f49a55e5543dd149576c3ca Mon Sep 17 00:00:00 2001
From: Rhys St Romaine
Date: Wed, 23 Oct 2024 16:03:46 +0100
Subject: [PATCH 2/3] Update special character regex
---
 data/string.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/string.go b/data/string.go
index 518dc1ff..875d245a 100644
--- a/data/string.go
+++ b/data/string.go
@@ -50,7 +50,7 @@ func checkForNonSpaceCharacters(ctx context.Context, queryString string) error {
 }
 func checkForSpecialCharacters(ctx context.Context, str string) error {
- re := regexp.MustCompile("[[:^ascii:]&&[^–‘’]]")
+ re := regexp.MustCompile("[^[:ascii:]–‘’]")
 match := re.MatchString(str)
From 6f297f93f821cdb3189aa58f892a1e0973b96b5b Mon Sep 17 00:00:00 2001
From: Rhys St Romaine
Date: Thu, 24 Oct 2024 08:58:58 +0100
Subject: [PATCH 3/3] Update special character regex and whitelist
---
 data/string.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/data/string.go b/data/string.go
index 875d245a..8eb293ad 100644
--- a/data/string.go
+++ b/data/string.go
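Review bot: In PATCH 1/3 the new pattern `[[:^ascii:]&&[^–‘’]]` relies on character-class intersection, which Go's RE2 syntax does not provide. The `&&`, `[` and `^` are read as literal members of a single class and the final `]` as a literal that must follow it, so as far as I can tell this commit only reports a non-ASCII character when it is immediately followed by `]`, which leaves the check effectively switched off. PATCH 2/3 replaces the pattern, so squashing the two would keep the weakened validation out of the history, and a table test that accepts `–`, `‘`, `’` and rejects some other non-ASCII rune would pin the intended behaviour. The body of checkForSpecialCharacters continues outside the hunk.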
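Review bot: In PATCH 2/3 the class `[^[:ascii:]–‘’]` accepts everything in `[:ascii:]`, which in RE2 is 0x00–0x7F, so NUL, CR, LF and the other control characters pass this check alongside printable text; the same class carries over into 3/3. If nothing else in the query validation filters them (the rest of it is outside the hunk), consider narrowing the base set to printable ASCII, for example `[^[:print:]–‘’]`, or adding a separate control-character check. Whether tabs or newlines are legitimate in `q` is not visible here, so treat this as a question for the author.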
@@ -15,6 +15,9 @@ const minQueryLength = 3
 var regexString = strings.Repeat(`\S\s*`, minQueryLength)
+// contains the special characters that are allowed in query validation
+const AllowedSpecialCharacters = "–‘’"
+
 // reviewQueryString performs basic checks on the string entered by the user
 func reviewQueryString(ctx context.Context, urlQuery url.Values) error {
 q := urlQuery.Get("q")
@@ -50,7 +53,7 @@ func checkForNonSpaceCharacters(ctx context.Context, queryString string) error {
 }
 func checkForSpecialCharacters(ctx context.Context, str string) error {
- re := regexp.MustCompile("[^[:ascii:]–‘’]")
+ re := regexp.MustCompile(fmt.Sprintf("[^[:ascii:]%s]", regexp.QuoteMeta(AllowedSpecialCharacters)))
 match := re.MatchString(str)
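Review bot: The comment on `AllowedSpecialCharacters` does not start with the identifier, and the literal `"–‘’"` is hard to audit because these glyphs are easily confused with neighbouring code points. I would write `// AllowedSpecialCharacters lists the non-ASCII characters that query validation accepts: en dash (U+2013) and left/right single quotation marks (U+2018, U+2019).` and spell the value as `"\u2013\u2018\u2019"`; the code points are my reading of the glyphs, so please confirm them. If no other package needs the constant it could also stay unexported, so that the allowlist can only be changed next to the check that uses it.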
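Review bot: The pattern is now assembled with `fmt.Sprintf` and `regexp.QuoteMeta` and compiled by `regexp.MustCompile` on every call to checkForSpecialCharacters, although it depends only on a constant. Building it once at package scope next to `regexString` removes the per-call cost and makes a malformed allowlist panic at start-up rather than during validation: `var specialCharRegex = regexp.MustCompile("[^[:ascii:]" + regexp.QuoteMeta(AllowedSpecialCharacters) + "]")`, then `match := specialCharRegex.MatchString(str)`. `QuoteMeta` escapes for top-level syntax rather than for a bracket expression, so it would not neutralise a `-` placed between two allowlist characters; a one-line comment saying the constant is spliced into a character class would help whoever extends it. The function body continues outside the hunk.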