I noticed that HighlightPhase.java hardcodes the use of
DefaultEncoder, which does not escape the text before adding highlight
tags.
I know that Lucene supports HTML encoding, so is there a chance to
support it in Elasticsearch?
The problem is critical for highlighting plain-text fields. If you
escape a field after highlighting (on the client), highlight tags will be
escaped as well. Note that all user-provided content HAS to be escaped
if you display it inside an HTML page.
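
The ordering problem described in the post, as an added example that is not part of the original message and is not Elasticsearch or Lucene code. The function names (`escapeHtml`, `findMatches`, `highlight`, `demo`) and the sample field are constructed for illustration; the `encode` argument stands in for the encoder that runs on each text segment before the highlight tags are added.

```javascript
// Added illustration: names and sample data are constructed, not Elasticsearch or Lucene code.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Return [start, end) offsets of every case-insensitive occurrence of term.
function findMatches(text, term) {
  const spans = [];
  const hay = text.toLowerCase();
  const needle = term.toLowerCase();
  if (!needle) return spans; // an empty term would never advance
  for (let i = hay.indexOf(needle); i !== -1; i = hay.indexOf(needle, i + needle.length)) {
    spans.push([i, i + needle.length]);
  }
  return spans;
}

// Wrap each match in pre/post tags. `encode` is applied to every text segment
// before the tags are added, so the tags themselves are never encoded.
function highlight(text, matches, encode, pre = '<em>', post = '</em>') {
  let out = '';
  let pos = 0;
  for (const [start, end] of [...matches].sort((a, b) => a[0] - b[0])) {
    if (start < pos || start >= end || end > text.length) continue; // skip overlapping or invalid spans
    out += encode(text.slice(pos, start)) + pre + encode(text.slice(start, end)) + post;
    pos = end;
  }
  return out + encode(text.slice(pos));
}

function demo() {
  // Constructed sample: a plain-text field that happens to contain markup characters.
  const field = 'R&D <i>price</i> list, price < 5';
  const hits = findMatches(field, 'price');
  // 1. Pass-through encoder: the field's own "<i>" reaches the page as live markup.
  const raw = highlight(field, hits, s => s);
  // 2. Escaping on the client after highlighting: the highlight tags are escaped too.
  const escapedAfter = escapeHtml(raw);
  // 3. Encoding each segment before tagging: field text is inert, tags stay intact.
  const encodedFirst = highlight(field, hits, escapeHtml);
  return { raw, escapedAfter, encodedFirst };
}

console.log(demo());
```

Only the third result is safe to insert into a page as HTML while still showing the highlight.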