From d5eea2549d1d44fff45390cbfd8d9518049bb681 Mon Sep 17 00:00:00 2001
From: David Kaltschmidt
Date: Wed, 4 May 2016 17:59:21 +0200
Subject: [PATCH] Sanitize inputs

Try regexp, escape if invalid
---
 client/app/scripts/utils/search-utils.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/client/app/scripts/utils/search-utils.js b/client/app/scripts/utils/search-utils.js
index 5da86bc79..4ec786dd3 100644
--- a/client/app/scripts/utils/search-utils.js
+++ b/client/app/scripts/utils/search-utils.js
@@ -18,6 +18,14 @@ const COMPARISONS_REGEX = new RegExp(`[${COMPARISONS.keySeq().toJS().join('')}]`
 const PREFIX_DELIMITER = ':';
+function makeRegExp(expression, options = 'i') {
+  try {
+    return new RegExp(expression, options);
+  } catch (e) {
+    return new RegExp(_.escapeRegExp(expression), options);
+  }
+}
+
 function parseValue(value) {
   let parsed = parseFloat(value);
   if (_.endsWith(value, 'KB')) {
@@ -34,14 +42,14 @@ function parseValue(value) {
 function matchPrefix(label, prefix) {
   if (label && prefix) {
-    return (new RegExp(prefix, 'i')).test(slugify(label));
+    return (makeRegExp(prefix)).test(slugify(label));
   }
   return false;
 }
 function findNodeMatch(nodeMatches, keyPath, text, query, prefix, label) {
   if (!prefix || matchPrefix(label, prefix)) {
-    const queryRe = new RegExp(query, 'i');
+    const queryRe = makeRegExp(query);
     const matches = text.match(queryRe);
     if (matches) {
       const firstMatch = matches[0];
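Review bot: makeRegExp (first hunk) only falls back to a literal match when the search string fails to parse, so any syntactically valid pattern — including one whose backtracking cost grows steeply with the text it is tested against — is still compiled as-is and run against every node through matchPrefix and findNodeMatch, which is less than the "Sanitize inputs" title suggests. Since this is client-side search the cost lands on the user's own tab, but the contract belongs on the function, e.g. `/** Compile a user-supplied search string as a case-insensitive RegExp; if it is not valid regex syntax, match it literally instead. Valid patterns are used unmodified and are not bounded. */`. The `catch (e)` also swallows every error type, while `new RegExp` reports bad syntax as a SyntaxError; `} catch (e) { if (!(e instanceof SyntaxError)) throw e; return new RegExp(_.escapeRegExp(expression), options); }` keeps unrelated failures visible. findNodeMatch's body continues past the end of the second hunk.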