Sanitize Search Input
HST's SearchInputParsingUtils provides utility methods for sanitizing potentially malicious query strings by filtering out invalid characters and constraining the use of wildcards.
We recommend always using SearchInputParsingUtils for free-text input that is injected into an HstQuery.
For optimal performance, set the parse method's allowSingleNonLeadingWildCardPerTerm parameter to false:
final HstRequestContext context = request.getRequestContext();
final HippoBean scope = context.getSiteContentBaseBean();
HstQueryBuilder hstQueryBuilder = HstQueryBuilder.create(scope)
        .ofTypes(BaseDocument.class);

// PARSE the query: sanitize the free-text request parameter before it reaches the query
String query = getPublicRequestParameter(request, "query");
String parsedQuery = SearchInputParsingUtils.parse(query, false);
if (StringUtils.isNotEmpty(parsedQuery)) {
    hstQueryBuilder = hstQueryBuilder.where(constraint(".").contains(parsedQuery));
}

final HstQuery hstQuery = hstQueryBuilder.build();
// execute() throws a checked exception; handle or declare it in the enclosing component method
final HstQueryResult result = hstQuery.execute();
request.setAttribute("result", result);