fix(search): sanitize FTS5 query input #349

Closed. Ricky-7-Yan wants to merge 1 commit into TencentCloud:main from Ricky-7-Yan:fix-issue-160-sanitize-fts-query

@Ricky-7-Yan Ricky-7-Yan commented Jul 1, 2026

Summary

Fixes #160.

  • Sanitize raw FTS5 query input before tokenization
  • Strip FTS5 operators such as AND, OR, NOT, and NEAR/5
  • Strip FTS5 control syntax such as quotes, parentheses, wildcard, and column markers
  • Keep normal keyword search behavior by preserving sanitized tokens
  • Add tests for regex fallback and jieba tokenization paths

Tests

  • npx.cmd vitest run src/core/store/sqlite.test.ts
  • npx.cmd vitest run

@Ricky-7-Yan (Author)

Superseded by #374 with a clearer PR template and task checklist.

@Ricky-7-Yan closed this Jul 2, 2026
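
The sanitization steps listed in the PR summary, sketched in plain JavaScript as an added example; this is not the code from this PR or from the project. The names sanitizeFtsTerms and buildMatchExpression are hypothetical, and the example generalizes the listed control characters to "anything that is not a letter, digit or underscore".

```javascript
// Added example: hypothetical helpers, not the project's buildFtsQuery.

// FTS5 treats these barewords as operators only when written in upper case.
const FTS5_KEYWORDS = new Set(["AND", "OR", "NOT", "NEAR"]);

// Reduce raw user input to plain search terms with no FTS5 syntax left.
function sanitizeFtsTerms(raw) {
  return String(raw)
    // Drop NEAR/<n> as a unit so the distance does not survive as a term.
    .replace(/\bNEAR\/\d+/g, " ")
    // Everything that is not a letter, digit or underscore becomes a
    // separator: quotes, parentheses, *, :, ^, +, - and so on.
    // \p{L} keeps non-ASCII text such as CJK intact.
    .replace(/[^\p{L}\p{N}_]+/gu, " ")
    .split(" ")
    .filter((term) => term !== "" && !FTS5_KEYWORDS.has(term));
}

// Build the MATCH argument. Each term is emitted as a quoted FTS5 string,
// so it can only be parsed as a literal. Terms are joined by spaces
// (FTS5's implicit AND); that choice is an assumption of this example.
// Returns null when nothing searchable is left, so the caller can skip
// the query instead of sending an empty MATCH expression.
function buildMatchExpression(raw) {
  const terms = sanitizeFtsTerms(raw);
  if (terms.length === 0) return null;
  return terms.map((term) => `"${term}"`).join(" ");
}

// Constructed sample inputs, not taken from the project's tests.
const samples = [
  'title:secret* OR "x" NOT (y)',
  "alpha NEAR/5 beta",
  "数据库 AND 安全",
  '") OR ("',
];
for (const input of samples) {
  console.log(JSON.stringify(input), "->", buildMatchExpression(input));
}
```

The result is meant to be passed as a bound parameter to MATCH, never concatenated into the SQL text.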

Development

Successfully merging this pull request may close these issues.

fix(search): buildFtsQuery does not sanitize FTS5 operators — user input alters query semantics