Vulnerability in EPiServer.Forms
Currently, when a user searches with a number and it matches the "ContentLink Id" of a catalog variant/product, that variant/product gets returned as a search result. How can I avoid the "ContentLink Id" being searched by my query?
Below is my sample query used to get products -
Note - Find version I am using : 18.104.22.168
Thanks in advance.
I assume you are using UnifiedSearch? How does your "SearchText" field look in the index? You can try to exclude the field from indexing by:
SearchClient.Instance.Conventions.ForInstancesOf<YourISearchContentType>().ExcludeField(x => x.SearchHitUrl);
Thanks for the response. I am sorry I didn't mention the search type we used.
We are using typed search and, as per the requirement I received, we have to exclude a few properties specifically for the product search query and not for all other queries. We need those properties in other search queries, or we can say we require those properties for business logic but they should not be used for any search query.
I know there are two options to exclude specific properties from search -
But in both scenarios we can't use this property for any search query. The other approach is to use InField for selected properties to search, but that is affecting stemming and synonyms results.
I would appreciate it if you could find any workaround to exclude properties from a specific search query.
In that case I would go with InField() using fields you want to be searched. In terms of stemming, documentation states that it does not work for AllField, but it will work if you do something similar to this:
var searchResult = client.Search<BlogPost>()
    .For(searchText) // searchText: the user's query string
    .InField(x => x.Title)
    .InField(x => x.Content)
    .GetResult();
Synonyms should also work.
I agree with Mari to go with InField(), since you will have stemming support on those.
Just a side note to clarify: .InField() can be combined with .InAllField() and stemming will still be supported for all explicit fields.
Hi Mari & Mattias,
Thank you for your suggestions.
We used InField() and stemming is also working fine now. We had used InField() before too, but stemming was not working, so we investigated further and found that most of the field content, whether product name, code, portfolio or brand, had either special characters or trademark symbols in it.
So we did stripping on those fields (the ones we had decided on for InField()) and added them to the index so that we have the stripped content of the field values in the index. We used the new stripped fields for InField() and everything is working fine now. We also pass the stripped search term to the query.
.InField(x => x.DisplayName)
.AndInField(x => x.StrippedName())
.AndInField(x => x.StrippedAlternateName())
.AndInField(x => x.StrippedKeywords())
.AndInField(x => x.StrippedSummary())
For stripping we used regex - Regex(@"[^a-zA-Z.\d\s]"
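The stripping step described in the last post, as an added example that is not the poster's code: one normalizer applied both to the indexed value and to the search term, run over constructed sample values so the edge cases of that character class are visible. `SearchTextNormalizer`, `ProductDoc`, the removal (rather than replacement by a space) of stripped characters and the whitespace collapsing are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

public static class SearchTextNormalizer
{
    // Character class from the post: keep ASCII letters, '.', digits, whitespace.
    // In .NET, \d and \s are Unicode-aware; a-zA-Z is ASCII only.
    private static readonly Regex Disallowed = new Regex(@"[^a-zA-Z.\d\s]");
    private static readonly Regex WhitespaceRun = new Regex(@"\s+");

    // Assumption: disallowed characters are removed, then whitespace is collapsed.
    public static string Strip(string value)
    {
        if (string.IsNullOrWhiteSpace(value)) return string.Empty;
        string stripped = Disallowed.Replace(value, string.Empty);
        return WhitespaceRun.Replace(stripped, " ").Trim();
    }
}

// Hypothetical stand-in for the catalog content type.
public class ProductDoc { public string DisplayName { get; set; } }

public static class ProductDocExtensions
{
    // Index side: the value that would be added to the index as a stripped field.
    public static string StrippedName(this ProductDoc p) =>
        SearchTextNormalizer.Strip(p.DisplayName);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values: trademark symbol, accented letters, a product code.
        string[] names = { "SuperGrip\u2122 Pro-X (2nd Gen.)", "Caf\u00E9 Cr\u00E8me\u00AE 500g", "AB-1234/5" };
        foreach (string name in names)
        {
            var doc = new ProductDoc { DisplayName = name };
            Console.WriteLine($"index: [{name}] -> [{doc.StrippedName()}]");
        }

        // Query side: the same function, so the term matches what was indexed.
        string[] terms = { "pro-x", "cr\u00E8me", "\u00AE" };
        foreach (string term in terms)
        {
            string q = SearchTextNormalizer.Strip(term);
            // A term made only of stripped characters becomes empty: skip the query.
            Console.WriteLine(q.Length == 0 ? $"query: [{term}] -> (empty, skipped)" : $"query: [{term}] -> [{q}]");
        }
    }
}
```

Because `a-zA-Z` is ASCII only, accented letters are dropped along with the symbols, and hyphenated codes are merged into a single token; both sides must use the same function for the stripped term to match the stripped field.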