opentrials / opentrials

100%

master: 100%

LAST BUILD ON BRANCH escape-es-querystring-before-sending-to-api

branch: escape-es-querystring-before-sending-to-api

CHANGE BRANCH

x

Reset

• escape-es-querystring-before-sending-to-api
• 53-clear-query
• 692-fix-unencoded-urls-in-emails
• add-filter-for-publications
• add-install-instructions
• add-links-and-categories-to-data-contributions
• add-search
• add-terms-and-conditions
• add-tooltip-text
• add_csr_synopsis
• all-identifiers-are-the-same
• bug/423-fix-login-google-facebook
• bug/446-fix-discrepancies-source-url
• bug/529-fix-running-linter
• bug/565-fix-datepicker-in-firefox
• bug/622-persisting-notifications
• bug/729-cannot-auth-users
• bug/add-stats-page-back
• bug/escape-fda-doc-text-search-query
• bug/fda-docs-action-dates-are-wrong
• bug/fix-bug-with-file-uploads
• bug/fix-shrinkwrap
• bug/fix-takedown-url
• bug/limit-memory-usage-to-512mb
• bug/osp-ribbon-dead-link
• bug/records-source-id
• bug/show-data-contributions-url
• bug/study-results-filters-isnt-persistent-across-reloads
• bug/trial-all-sources
• colours
• consent-manager
• cookie-bar
• data-discrepancies
• discrepancies
• dont-swallow-server-errors
• escape-elasticsearch
• feature/100-enable-ssl
• feature/426-setup-sentry
• feature/433-print-errors
• feature/447-warn-anonymous-contributors
• feature/468-update-terms-of-use
• feature/480-sort-sources-by-name
• feature/500-search-api
• feature/501-fda-search-page
• feature/558-data-contributions-categories
• feature/574-improve-fda-docs-pages
• feature/600-improve-fda-about-and-vote-link
• feature/651-disable-autocomplete-except-locations
• feature/652-pressing-enter-on-autocomplete-submits
• feature/656-display-unregistered-trials
• feature/699-prevent-blank-contributions
• feature/708-add-filter-by-source
• feature/715-strip-unknown-params-when-in-production
• feature/717-info-search-results-order
• feature/741-list-database-dumps
• feature/758-eliminate-registration-filter
• feature/add-document-id-to-contributions
• feature/add-npm-command-to-change-user-role
• feature/contribute-data
• feature/credit-documentcloud-for-ocr
• feature/display_exemption_date
• feature/display_last_verification_date
• feature/document-categories-from-api
• feature/email-alerts-for-data-contributions
• feature/embed-redash-visualisations
• feature/expose-trialrecords
• feature/fda-documents-previews
• feature/fda-files-preview
• feature/fda-section-for-trials
• feature/improve-data-curation
• feature/improve-rob-messages
• feature/move-publications-list
• feature/no-trial-contribution-warning
• feature/ot-fda-about-text
• feature/process-data-contributions
• feature/remove-unused-code
• feature/replace-doc-type-with-category
• feature/review-data-contributions
• feature/risks_of_bias
• feature/seo-improvements
• feature/set-datacontributions-approved-as-nullable
• feature/trial-registered-boolean
• feature/trigger-for-updated-at
• feature/under-construction-disclaimer
• feature/update-ot-fda-about-page
• feature/user-login
• feature/vote-for-us-badge
• features/publications
• fix-ui-for-trials-without-registration-date
• fix-unstyled-flash
• fix/727-remove-data-contribution-source
• fix/correct-links-for-dumps
• fix/display-missing-lay-summary-text
• fix/update-links-terms-of-use-page
• fix/visible-database-icon
• fixes-and-enhancements-to-search
• flash-messages
• footer-links-spacing
• handle-results-document
• hotfix/contribution-category-display-fixes
• hotfix/hide-discrepancies-link-when-unused
• ignore-undefined-fields-for-discrepancy
• implement-wireframe
• improve-data-contribution-texts
• improve-error-handling
• improve-search-input-placeholder
• improvements-to-discrepancies
• link-styles
• list-items
• master
• minor-ui-fixes
• navigation
• ok-panel
• oki-panel
• related-entities
• remove-locations
• remove-transparency-ranking-citation
• remove-unused-fields
• remove-vote-ribbon
• rename-persons-to-people
• rename-problems-to-conditions
• search
• search-clear-button-clears-entire-form
• search-filters
• separation-between-conditions-and-interventions-in-search-results
• setup-docker
• split_recruitment_status_into_status
• trials-documents
• trials-page
• ui-improvements
• ui-tweaks
• update-fields-used-to-calculate-discrepancies
• updating-dependencies
• upgrade-node-6
• use-uuid1-instead-of-uuid4
• v1.0.0

Build # 303

Build Type

push

travis-ci

Committed by vitorbaptista

Commit Message

[#227] Escape Query String to avoid syntax errors

We're exposing ElasticSearch's query strings in the API to allow advanced
search features without relying on explicit fields. This has the drawback of
making it possible for the user to do an invalid query, which would raise an
syntax error. Obviously, this is bad UX.

ElasticSearch has a simple query string which avoids this, but we're using a
few query string features that aren't available in simple query strings like
searching for date ranges and in specific fields.

In the future, we will have to stop using query strings and build our own
syntax (similar to GitHub or Slack's search). Meanwhile, this change escapes
the query string passed by the user, so it's impossible to raise syntax errors.
This has the drawback of limiting what the user can do in the query. After this
change, she'll only be able to do simple queries, at most with logical
connectors like AND, OR and NOT.

This is a reasonable tradeoff for now, IMHO.

Fixes #227

Run Details

526 of 526 relevant lines covered (100.0%)

14.2 hits per line