I have a query which is built from url parameters.
If I send in double quotes the query ends up being:
field LIKE """"
And you end up with:
500 Internal Server Error
line 1, column 91: AND, OR or EOF expected, encountered. (com.enonic.xp.resource.ResourceProblemException)
Is there a escape/sanitize query function, or perhaps I should just use some native js function?
Perhaps: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
One quick and dirty solution could be to have regexp with a list of allowed characters, and replace all other characters with space?
var whitelistRegEx = /[^\s\w()?!]+/g;
exports.whitelist = function(data) {
return data.replace(whitelistRegEx, ' ');
};
(the code suggestion above was provided by @rfo )