Is there a common practice on quoting/sanitizing the snippets
generated by the fts search?

If I have "foo <b> bar lee" in one field and search for bar, the
snippet function will return "foo <b> <b>bar</b> lee", which is
obviously not what I want and can easily be used for cross-site
scripting.

I can think of two strategies to avoid this:

1) The first one is to strip out all tags before inserting new text
into the virtual table. I don't want to do this, because I have a pure
text interface too, where the tags in results won't hurt.

2) Specify two random strings to the snippet function for quoting, e.g.,
snippet(poem, '23453242', '435345345', '...'), and use them to split
the snippet afterwards and do the sanitizing then.
Any other solutions? Maybe the sanitize function has a hidden feature for this?

Regards Peter
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

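The second strategy from the message above, worked through as an added example (it is not code from the original post and not part of SQLite itself). It assumes an FTS4 virtual table named poems with one column poem, that the Python build's sqlite3 module has FTS4 compiled in, and it uses per-query random sentinels from secrets.token_hex instead of fixed digit strings, so that an attacker who controls the stored text cannot guess the delimiters and smuggle in a fake highlight. Everything outside the sentinels is HTML-escaped, then the sentinels are replaced by real <b> tags. The sample rows are constructed for the example.

```python
import html
import re
import secrets
import sqlite3


def make_db():
    """Build an in-memory FTS4 table with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE VIRTUAL TABLE poems USING fts4(poem)")
    con.executemany(
        "INSERT INTO poems(poem) VALUES (?)",
        [
            ("foo <b> bar lee",),                              # the case from the post
            ("<script>alert(1)</script> bar is also a word",),  # stored markup must not survive
            ("nothing relevant here",),                        # does not match 'bar'
        ],
    )
    return con


def sanitize_snippet(raw, start, end, tag="b"):
    """Split a raw snippet on the sentinel pair, escape every text piece,
    and re-emit the matched terms wrapped in a real HTML tag."""
    pattern = re.compile(re.escape(start) + "(.*?)" + re.escape(end), re.DOTALL)
    out = []
    pos = 0
    for m in pattern.finditer(raw):
        out.append(html.escape(raw[pos:m.start()]))          # text between matches
        out.append("<%s>%s</%s>" % (tag, html.escape(m.group(1)), tag))  # the match itself
        pos = m.end()
    out.append(html.escape(raw[pos:]))                       # trailing text
    return "".join(out)


def safe_snippets(con, term, tag="b", max_tokens=15):
    """Run an FTS4 MATCH query and return HTML-safe snippets for each hit.

    FTS3/FTS4 argument order is snippet(table, start, end, ellipsis, column, tokens);
    column -1 means all columns. (FTS5 orders the arguments differently.)
    """
    # Fresh sentinels per query: 128 bits of randomness each, unguessable by
    # whoever wrote the stored text.
    start = secrets.token_hex(16)
    end = secrets.token_hex(16)
    sql = (
        "SELECT snippet(poems, ?, ?, '...', -1, ?) FROM poems "
        "WHERE poems MATCH ? ORDER BY rowid"
    )
    rows = con.execute(sql, (start, end, max_tokens, term)).fetchall()
    return [sanitize_snippet(row[0], start, end, tag) for row in rows]


if __name__ == "__main__":
    for s in safe_snippets(make_db(), "bar"):
        print(s)
```

For the first row this yields `foo &lt;b&gt; <b>bar</b> lee`: the stored `<b>` is escaped, only the highlight generated by the query is live markup. The pure-text interface mentioned in the post can keep calling snippet() without this wrapper, since the sentinels only exist inside safe_snippets. Do not reuse one fixed sentinel pair across requests; if it ever leaks (or is simply guessed, as short digit strings can be), a stored document containing `SENTINEL<script>...SENTINEL` would be re-emitted with the escaping applied inside the tag but the attacker still choosing what lands between real tags.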