Properly escape regex when performing search query

cubing · Oct 17, 2021 · 15970a8 · 15970a8
1 parent beb8fb8
commit 15970a8
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/backend/functions/src/schema/core/helpers/shared.ts b/backend/functions/src/schema/core/helpers/shared.ts
@@ -56,6 +56,10 @@ export function lowercaseString(str: string): string {
   return str.charAt(0).toLowerCase() + str.slice(1);
 }
 
+export function escapeRegExp(str: string): string {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape regexp
+}
+
 export function objectOnlyHasFields(
   obj: StringKeyObject,
   fields: string[],

diff --git a/backend/functions/src/schema/core/services/normal.ts b/backend/functions/src/schema/core/services/normal.ts
@@ -28,7 +28,7 @@ import {
 
 import { ServiceFunctionInputs } from "../../../types";
 
-import { btoa, isObject } from "../helpers/shared";
+import { btoa, escapeRegExp, isObject } from "../helpers/shared";
 
 export type FieldObject = {
   field?: string;
@@ -351,7 +351,7 @@ export class NormalService extends BaseService {
       for (const prop in this.searchFieldsMap) {
         whereSubObject.fields.push({
           field: this.searchFieldsMap[prop].field ?? prop,
-          value: new RegExp(validatedArgs.search, "i"),
+          value: new RegExp(escapeRegExp(validatedArgs.search), "i"),
           operator: "regex",
         });
       }
@@ -426,7 +426,7 @@ export class NormalService extends BaseService {
       for (const prop in this.searchFieldsMap) {
         whereSubObject.fields.push({
           field: this.searchFieldsMap[prop].field ?? prop,
-          value: new RegExp(validatedArgs.search, "i"),
+          value: new RegExp(escapeRegExp(validatedArgs.search), "i"),
           operator: "regex",
         });
       }