[fix] server side error: escape backslashes in the query highlight_content

Any backslash escapes in the replacement are processed [1], backslashes should
be escaped [2].

[1] https://docs.python.org/3/library/re.html#re.sub
[2] https://docs.python.org/3/library/re.html#re.escape

closes:
- https://github.com/searxng/searxng/issues/2256
- https://github.com/searxng/searxng/issues/2250
This commit is contained in:
Solirs 2023-03-16 20:29:14 +01:00 committed by Markus Heiser
parent 3e9cddc606
commit fbb0e9d275

View file

@ -174,7 +174,9 @@ def highlight_content(content, query):
queries.extend(re.findall(regex_highlight_cjk(qs), content, flags=re.I | re.U)) queries.extend(re.findall(regex_highlight_cjk(qs), content, flags=re.I | re.U))
if len(queries) > 0: if len(queries) > 0:
for q in set(queries): for q in set(queries):
content = re.sub(regex_highlight_cjk(q), f'<span class="highlight">{q}</span>', content) content = re.sub(
regex_highlight_cjk(q), f'<span class="highlight">{q}</span>'.replace('\\', r'\\'), content
)
return content return content