This article covers a Bloomreach Experience Manager version 13. There's an updated version available that covers our most recent release.

Sanitize Search Input

HST's SearchInputParsingUtils provide utility methods for sanitizing potentially malicious query strings by filtering out invalid characters or constraining the use of wildcards.

We recommend to always use SearchInputParsingUtils for free-text queries injected into an HstQuery.

For optimal performance, it is best to set the parse method's allowSingleNonLeadingWildCardPerTerm parameter to false:

final HstRequestContext context = request.getRequestContext();
final HippoBean scope = context.getSiteContentBaseBean();

HstQueryBuilder hstQueryBuilder = HstQueryBuilder.create(scope)
        .ofTypes(BaseDocument.class);

// PARSE the query
String query = getPublicRequestParameter(request, "query");
String parsedQuery = SearchInputParsingUtils.parse(query, false);
        
if (StringUtils.isNotEmpty(parsedQuery)) {
    hstQueryBuilder = hstQueryBuilder.where(constraint(".").contains(parsedQuery));
}
            
final HstQuery hstQuery = hstQueryBuilder.build();

final HstQueryResult result = hstQuery.execute();
request.setAttribute("result", result);

Did you find this page helpful?

How could this documentation serve you better?

Did you find this page helpful?

How could this documentation serve you better?

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Deploy in BloomReach Cloud

Use Blue-Green Deployment in BloomReach Cloud

Understand

Implement

Extend

Integrate

Run

Upgrade

Develop

Use

Bloomreach Documentation version

Sanitize Search Input

Did you find this page helpful?

On this page

Did you find this page helpful?