From e6b50128e4a16fbe11026885a84aefdd4f8a382e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Weber?= <mail@soeren-weber.de>
Date: Thu, 31 Aug 2023 12:34:23 +0200
Subject: [PATCH] theme: fix snyk code issues #633

---
 static/js/search.js | 3 ++-
 static/js/theme.js  | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/static/js/search.js b/static/js/search.js
index 436ee653d6..6904e8ca45 100644
--- a/static/js/search.js
+++ b/static/js/search.js
@@ -158,7 +158,8 @@ function initLunrJs() {
 function search(term) {
     // Find the item in our index corresponding to the Lunr one to have more info
     // Remove Lunr special search characters: https://lunrjs.com/guides/searching.html
-    var searchTerm = lunr.tokenizer(term.replace(/[*:^~+-]/, ' ')).reduce( function(a,token){return a.concat(searchPatterns(token.str))}, []).join(' ');
+    term = term.replace( /[*:^~+-]/g, ' ' );
+    var searchTerm = lunr.tokenizer( term ).reduce( function(a,token){return a.concat(searchPatterns(token.str))}, []).join(' ');
     return !searchTerm || !lunrIndex ? [] : lunrIndex.search(searchTerm).map(function(result) {
         return { index: result.ref, matches: Object.keys(result.matchData.metadata) }
     });
diff --git a/static/js/theme.js b/static/js/theme.js
index d736654298..ca0f61a90a 100644
--- a/static/js/theme.js
+++ b/static/js/theme.js
@@ -37,6 +37,10 @@ var psm;
 var pst;
 var elc = document.querySelector('#body-inner');
 
+function regexEscape( s ){
+    return s.replace( /[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&' );
+}
+
 function documentFocus(){
     elc.focus();
     psc && psc.scrollbarY.focus();
@@ -1082,6 +1086,7 @@ function scrollToPositions() {
 
     var search = sessionStorage.getItem( baseUriFull+'search-value' );
     if( search && search.length ){
+        search = regexEscape( search );
         var found = elementContains( search, elc );
         var searchedElem = found.length && found[ 0 ];
         if( searchedElem ){
@@ -1169,7 +1174,7 @@ function highlight( es, words, options ){
         return word != '';
     });
     words = words.map( function( word, i ){
-        return word.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
+        return regexEscape( word );
     });
     if( words.length == 0 ){ return this; }