I have a search query from the user and I want to process it

Question

0

Asked: May 28, 20262026-05-28T05:11:14+00:00 2026-05-28T05:11:14+00:00

I have a search query from the user and I want to process it

0

I have a search query from the user and I want to process it before applying to browser. since I’m using SEO with htaccess and the search url looks like this : /search/[user query] I should do something to prevent user from doing naughty things.. 🙂 Like searching ../include/conf.php which will result in giving away my configuration file. I want to process the query like removing spaces, removing dots(which will cause problems), commas,etc.

var q = document.getElementById('q').value;
var q = q.replace(/ /gi,"+");
var q = q.replace(/../gi,"");
document.location='search/'+q;

the first replace works just fine but the second one messes with my query.. any solution to replacing this risky characters safely?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T05:11:15+00:00

Editorial Team

2026-05-28T05:11:15+00:00Added an answer on May 28, 2026 at 5:11 am

So if I disable JavaScript or use curl I still can do “naughty things“? On the client side do the sanity escaping with:

encodeURIComponent(document.getElementById('q').value)

and leave security checks to the server. You would be amazed what malicious user can do (using some escape sequences instead of plain . is the simplest example).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a search query from the user and I want to process it

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply