Ampersand in search request triggers bad request

[johngrimes]

Expected behaviour

• When I paste the following text into the quick search box, I expect to see either a set of results, or a message reporting no results found: "follitropin alfa 150 units (10.92 microgram) lutropin alfa 75 units injection [1 vial] (&) inert substance diluent [1 mL vial], 1 pack"

Actual behaviour

• An error occurs: "Bad Request"

Steps to reproduce

• Type the following text into the quick search box: "follitropin alfa 150 units (10.92 microgram) lutropin alfa 75 units injection [1 vial] (&) inert substance diluent [1 mL vial], 1 pack"

Environment

• Chrome 69.0.3497, Windows 10

See https://sentry.io/share/issue/17854fb4bf23468587868373cd5a5037/ for further details.

[dionmcm]

Looks like the ampersand isn't being escaped properly in the client code.

[johngrimes]

@dionmcm Even when I escape it properly, the results seem to be wrong.

This request:

curl 'https://medserve.online/fhir/Medication?status=active,inactive,entered-in-error&_text=follitropin%20alfa%20150%20units%20(10.92%20microgram)%20lutropin%20alfa%2075%20units%20injection%20%5B1%20vial%5D%20(%26)%20inert%20substance%20diluent%20%5B1%20mL%20vial%5D,%201%20pack&_summary=true&_count=100' -H 'Accept: application/fhir+json' -H 'Referer: http://localhost:3000/Medication/941621000168101' -H 'Origin: http://localhost:3000' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.53 Safari/537.36' -H 'DNT: 1' --compressed

Returns this as the first result:

Metformin (AS) 1 g film-coated tablet, 30, blister pack

I'll fix the escaping issue anyway, just want to check whether this is an issue that needs to be raised on https://github.com/AuDigitalHealth/medserve.