Revision 7678
Added by ben leinfelder almost 11 years ago
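--- a/searchPathQuery.js
+++ b/searchPathQuery.js
@@ -1,4 +1,14 @@
+function encodeXML(theString) {
+return theString.replace(/&/g, '&')
+.replace(/</g, '<')
+.replace(/>/g, '>')
+.replace(/"/g, '"');
+}
+
 function generateQueryString(organizationScope, anyValue, searchFields) {
+// make sure it is valid XML
+var searchTerm = encodeXML(anyValue);
+
 var queryString = "";
 queryString += "<pathquery version='1.2'>";
 queryString += "<returndoctype>metadata</returndoctype>";
@@ -31,7 +41,7 @@
 queryString += "<querygroup operator='UNION'>";
 for (var i = 0; i < searchFields.length; i++) {
 queryString += "<queryterm casesensitive='false' searchmode='contains'>";
-queryString += "<value>" + anyValue + "</value>";
+queryString += "<value>" + searchTerm + "</value>";
 queryString += "<pathexpr>" + searchFields[i] +"</pathexpr>";
 queryString += "</queryterm>";
 }
@@ -39,7 +49,7 @@
 }
 else {
 queryString += "<queryterm casesensitive='false' searchmode='contains'>";
-queryString += "<value>" + anyValue + "</value>";
+queryString += "<value>" + searchTerm + "</value>";
 queryString += "</queryterm>";
 }
 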
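Review bot: `searchFields[i]` is still concatenated unescaped into `<pathexpr>` in the UNION loop (new line 45), so only the `<value>` text is covered by the new encoding; if those field paths can ever come from request parameters rather than a fixed list, pass them through the same helper, `queryString += "<pathexpr>" + encodeXML(searchFields[i]) + "</pathexpr>";`. `encodeXML` also calls `.replace` directly on its argument, so a missing or non-string `anyValue` now throws at the top of `generateQueryString` where the old concatenation did not; `encodeXML(String(anyValue == null ? "" : anyValue))` would keep the previous tolerance. As rendered here the four replacement strings equal the characters they replace, which is most likely this page decoding the entities, but the committed file is worth checking for `&amp;`, `&lt;`, `&gt;` and `&quot;`. The helper does not escape `'`, which is fine for element text but would not be safe if it were reused for the single-quoted attributes this function builds. The body of `generateQueryString` continues outside the visible hunks.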
escape reserved XML characters when constructing a pathquery from user input (&). https://projects.ecoinformatics.org/ecoinfo/issues/3017