You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by abhayd <aj...@hotmail.com> on 2011/10/12 23:15:44 UTC

java script as query term executes in browser

hi 
If u give something like this in query string 
q="'>

then output from solr actually runs the script in browser. Can we avoid
printing back the query sent in error handler?

here is what i see in browser
org.apache.lucene.queryparser.classic.ParseException: Cannot parse '"'>':
Lexical error at line 1, column 31. Encountered: after : "\"\'>"



--
View this message in context: http://lucene.472066.n3.nabble.com/java-script-as-query-term-executes-in-browser-tp3416982p3416982.html
Sent from the Solr - User mailing list archive at Nabble.com.

Re: java script as query term executes in browser

Posted by Chris Hostetter <ho...@fucit.org>.

: If u give something like this in query string 
: q="'>
: 
: then output from solr actually runs the script in browser. Can we avoid
: printing back the query sent in error handler?

you need to provide more details for anyone to have any idea what you are 
talking about.

waht is the request URL in your browser? what does yoru config look like? 
what is the output you are getting.

: here is what i see in browser
: org.apache.lucene.queryparser.classic.ParseException: Cannot parse '"'>':
: Lexical error at line 1, column 31. Encountered: after : "\"\'>"

...there's nothing in that error to suggest the browser is exeucting any 
scripts.  that an error message returnd by Solr indicating that it failed 
to parse your query string (since it's mailformed)


-Hoss