From 324118a8210bf3a0ebba65027e1e5b39fd5f2a58 Mon Sep 17 00:00:00 2001
From: Richard Dern
Date: Sat, 4 Apr 2026 01:25:26 +0200
Subject: [PATCH] Durcit le formulaire de recherche

---
 assets/js/search-page.js | 67 ++++++++++++++++++-
 themes/2026/layouts/_partials/site-title.html | 2 +-
 2 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/assets/js/search-page.js b/assets/js/search-page.js
index fffc8428..8fd7d9c9 100644
--- a/assets/js/search-page.js
+++ b/assets/js/search-page.js
@@ -2,6 +2,7 @@
 const HIGHLIGHT_START = "__MEILI_HIGHLIGHT_START__";
 const HIGHLIGHT_END = "__MEILI_HIGHLIGHT_END__";
+const MAX_SEARCH_QUERY_LENGTH = 200;
 /**
 * Lit la configuration exposee par le template Hugo.
@@ -65,6 +66,58 @@ function readSearchQuery(queryParam)
 return rawValue.trim();
 }
+/**
+ * Indique si la requete est acceptable pour le frontend.
+ * @param {string} query Texte recherche.
+ * @returns {boolean}
+ */
+function isSearchQueryValid(query) {
+ return query.length > 0 && query.length <= MAX_SEARCH_QUERY_LENGTH;
+}
+
+/**
+ * Valide un chemin interne renvoye par l'index.
+ * @param {unknown} rawPath Chemin brut.
+ * @returns {string}
+ */
+function normalizeInternalPath(rawPath) {
+ if (typeof rawPath !== "string") {
+ return "";
+ }
+
+ const trimmedPath = rawPath.trim();
+ if (trimmedPath.length === 0 || trimmedPath.startsWith("/") === false) {
+ return "";
+ }
+
+ if (trimmedPath.startsWith("//") || trimmedPath.includes("\\") || trimmedPath.includes("?") || trimmedPath.includes("#")) {
+ return "";
+ }
+
+ try {
+ const parsed = new URL(trimmedPath, window.location.origin);
+ if (parsed.origin !== window.location.origin) {
+ return "";
+ }
+
+ if (parsed.username.length > 0 || parsed.password.length > 0) {
+ return "";
+ }
+
+ if (parsed.search.length > 0 || parsed.hash.length > 0) {
+ return "";
+ }
+
+ if (parsed.pathname !== trimmedPath) {
+ return "";
+ }
+
+ return parsed.pathname;
+ } catch (_error) {
+ return "";
+ }
+}
+
 /**
 * Construit le payload envoye a Meilisearch.
 * @param {string} query Texte recherche.
@@ -202,11 +255,12 @@ function normalizeHit(hit) {
 return null;
 }
- if (typeof hit.path !== "string" || hit.path.trim().length === 0) {
+ const normalizedPath = normalizeInternalPath(hit.path);
+ if (normalizedPath.length === 0) {
 return null;
 }
- let title = hit.path.trim();
+ let title = normalizedPath;
 if (typeof hit.title === "string" && hit.title.trim().length > 0) {
 title = hit.title.trim();
 }
@@ -230,7 +284,7 @@ function normalizeHit(hit) {
 titleMarkup,
 summary,
 summaryMarkup,
- path: hit.path.trim(),
+ path: normalizedPath,
 section,
 published_at: publishedAt,
 };
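Review bot: The `parsed.pathname !== trimmedPath` guard in normalizeInternalPath rejects every path the URL parser rewrites, which covers dot segments (including their percent-encoded forms) but also percent-encoding of spaces and non-ASCII characters, so an index entry such as `/articles/été/` (constructed example) would be silently dropped by normalizeHit. That is a sound allow-list stance against traversal-style paths, but it needs to be deliberate: confirm that the index stores paths already percent-encoded, and state the intent above the check with `// Reject anything the parser had to rewrite (dot segments, percent-encoding): the index must supply canonical paths.` The `@returns {string}` tag would help callers if it said that an empty string means the path was rejected. `catch (_error)` can be the optional catch binding `catch {` since the error is never used.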
@@ -627,6 +681,13 @@ async function initSearchPage() {
 return;
 }
+ if (isSearchQueryValid(query) === false) {
+ updateStatus(status, "Requete trop longue.");
+ setSectionVisibility(listingSection, false);
+ clearNode(results);
+ return;
+ }
+
 updateStatus(status, "Recherche en cours...");
 const response = await fetchAllSearchResults(config, query);
diff --git a/themes/2026/layouts/_partials/site-title.html b/themes/2026/layouts/_partials/site-title.html
index cab12416..6568a0c4 100644
--- a/themes/2026/layouts/_partials/site-title.html
+++ b/themes/2026/layouts/_partials/site-title.html
@@ -16,7 +16,7 @@ {{ $site.Title }}
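Review bot: isSearchQueryValid also returns false for an empty query, yet the only message this branch can show is "Requete trop longue."; unless the `return;` just above already covers the empty case (its condition is outside the hunk), a blank query would be reported as too long. Consider splitting the two outcomes, or at least deriving the message from the limit so it stays accurate if MAX_SEARCH_QUERY_LENGTH changes: ``updateStatus(status, `Requete trop longue (${MAX_SEARCH_QUERY_LENGTH} caracteres maximum).`);``. This check runs once in initSearchPage on the query read from the URL; if the page also accepts new input without a reload, the same check has to sit on that path too, which the hunk does not show. initSearchPage starts and ends outside the hunk.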