JS Autocomplete : escaping characters to protect JS code and searching from any position in a string



#1 phdphd


Posted 12 December 2013 - 12:38 PM

Hi All,

 

I have found an interesting autocomplete js code at http://hscripts.com/...mplete-form.php that works without jQuery and grabs data from a php array.

 

I managed to have the data extracted from a database first and I am using the following piece of PHP code inside the JS suggestions variable to feed this variable :

    $tmp = Array();
    foreach ($tab as $k => $v)
    {
        $tmp[] = '"' . addslashes($v) . '"';
    }

    echo join(',', $tmp);

I use addslashes because I noticed that the autocomplete does not work if one of the retrieved words contains a double-quote.

 

Is this enough to protect JS coding ?

 

I also would like to make this JS code search for the typed characters at any position in the strings (not just from the beginning). Is this feasible ?

 

Thanks!

 

PS/ I also made the JS case insensitive by applying the following tip : http://www.vonloesch...18#comment-2832

 



#2 kicken


Posted 12 December 2013 - 02:47 PM

Is this enough to protect JS coding ?

No, use json_encode when outputting information to javascript.

I also would like to make this JS code search for the typed characters at any position in the strings (not just from the beginning). Is this feasible ?


Change the getWord function so that rather than searching a prefix, it searches a substring. To do this you need to use the string.indexOf method.

#3 phdphd


Posted 12 December 2013 - 06:09 PM

Thanks for your answer. I managed to solve it, but still have 2 problems after having implemented case-insensitiveness.

 

The getWord function now looks as follows :

function getWord(beginning)
{
  var words = new Array();
  for (var i = 0; i < suggestions.length; ++i)
  {
    var j = -1;
    var correct = 1;
    while (correct == 1 && ++j < beginning.length)
    {
      if (suggestions[i].indexOf(beginning.toLowerCase()) === -1)
      {
        if (suggestions[i].indexOf(beginning.toUpperCase()) === -1)
          correct = 0;
      }
    }
    if (correct == 1)
      words[words.length] = suggestions[i];
  }

  return words;
}

Assuming the "suggestions" are ["Hello","World","Hello World","hELLO"], the issues are :

 

1. Any string representing 2 beginning letters, whatever their case, will match no results. For example, "HE", "He", "hE", "he" do not match "Hello", "hELLO", or "Hello World", whereas "lLo" will match the three of them.

 

2. " w" and " W" will match "Hello World", but "o W" will not.

 

Any idea of how to solve these issues ? Thanks!



#4 phdphd


Posted 13 December 2013 - 05:20 AM

I nearly found the solution by replacing the while loop contents with the following

    var str1 = suggestions[i];
    var str2 = beginning;
    var str2 = str2.replace(/\*/g, "");
    var re = new RegExp(str2,"i");
    if (str1.search(re) == -1) {
        correct = 0;
    }


However there is still an issue with the * character. If the user types "*", all the suggestions are displayed.

 

Without the line "var str2 = str2.replace(/\*/g, "");", if the user types "*" no suggestion is displayed, but if they type any character followed by "*", then all the suggestions are displayed.

 

I also noticed some similar issues with the use of "?".

 

What I want is to avoid the displaying of all the suggestions if wildcards are typed, or to have them processed as normal characters.

 

Thanks for your help.
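
Added example (not part of any post in this thread, and not the hscripts code): two ways to get a case-insensitive "match anywhere" search in which "*" and "?" are ordinary characters. The typed text reaches `new RegExp` unescaped in the snippet above, so "a*" is read as "zero or more a" and matches every suggestion, and once "*" is stripped the empty pattern matches everything too. The `escapeRegExp` helper, the `list` parameter and the `getWordRegExp` name are assumptions made for this sketch; the sample array is the one from post #3.

```javascript
// Sample data taken from post #3 of this thread.
var suggestions = ["Hello", "World", "Hello World", "hELLO"];

// Hypothetical helper (not from the thread): backslash-escape every character
// that has a special meaning in a JavaScript regular expression, so typed
// text can only ever match itself.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Variant 1: no regular expression. Lower-case both sides and look for the
// typed text at any position in each candidate.
function getWord(beginning, list) {
  list = list || suggestions;
  var needle = beginning.toLowerCase();
  var words = [];
  if (needle === "") return words;   // nothing typed: suggest nothing
  for (var i = 0; i < list.length; ++i) {
    if (list[i].toLowerCase().indexOf(needle) !== -1) {
      words.push(list[i]);
    }
  }
  return words;
}

// Variant 2: keep RegExp and its "i" flag, but escape the typed text first.
function getWordRegExp(beginning, list) {
  list = list || suggestions;
  if (beginning === "") return [];
  var re = new RegExp(escapeRegExp(beginning), "i");
  var words = [];
  for (var i = 0; i < list.length; ++i) {
    if (re.test(list[i])) words.push(list[i]);
  }
  return words;
}
```
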





