fix: add <mark> highlighting to search match context snippets

The command palette renders matchContext via dangerouslySetInnerHTML
expecting HTML with <mark> tags, but extractSnippet() returned plain
text. Wrap the matched term in <mark> tags and escape surrounding
text to prevent XSS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-01 21:18:04 +02:00
parent 1d791bb329
commit 910230cbf8


@@ -289,7 +289,14 @@ public class ClickHouseSearchIndex implements SearchIndex {
if (idx < 0) return null;
int start = Math.max(0, idx - contextChars / 2);
int end = Math.min(text.length(), idx + searchTerm.length() + contextChars / 2);
return (start > 0 ? "..." : "") + text.substring(start, end) + (end < text.length() ? "..." : "");
String before = escapeHtml(text.substring(start, idx));
String match = escapeHtml(text.substring(idx, idx + searchTerm.length()));
String after = escapeHtml(text.substring(idx + searchTerm.length(), end));
return (start > 0 ? "..." : "") + before + "<mark>" + match + "</mark>" + after + (end < text.length() ? "..." : "");
}
private static String escapeHtml(String s) {
return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
}
private static String escapeLike(String term) {
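Review bot: escapeHtml (the new private helper after the closing brace of extractSnippet) escapes only `&`, `<` and `>`, which is sufficient for the text-node position the snippet currently occupies between `<mark>` tags, but leaves `"` and `'` intact, so any future caller that drops the same string into an attribute (`title`, `data-*`) would reopen the injection the commit is closing. Hardening is one line: `return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");` — the `&` replacement must stay first, as it already does. The enclosing extractSnippet starts outside the hunk, so it is not visible how idx is found; if it comes from a case-folded copy of text, the slice `text.substring(idx, idx + searchTerm.length())` may not align with the original text for characters whose case mapping changes length, and the helper's Javadoc should record that the match is assumed to be a direct indexOf hit on text. Only the first occurrence is wrapped in `<mark>`; a short comment stating that this is intentional would save the next reader a question.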