Closed amureki closed 8 years ago
I'd be tempted to just add '&' to the list of removed characters, and perform a .strip() on the final result. Since & seems to have meaning to Postgres queries, removing it entirely is probably safer. Otherwise, what if there are two in a row, or other such silliness?
@etianen I guess you're right. Updated commit. :)
Thanks! This stuff is tricky to get right, as it runs the risk of allowing potential SQL injection!
According to the https://github.com/etianen/django-watson/pull/161 conversation, I just added ampersand symbol stripping.
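The approach discussed in this thread (drop `&` along with the other operator characters, then strip the result) can be sketched as follows. This is an added example, not django-watson's own code: the character set, the function names, the choice to replace with a space rather than delete, and the prefix-match output format are all assumptions, and the sample inputs are constructed.

```python
import re

# Assumption: characters treated as operators or syntax in a PostgreSQL
# to_tsquery() expression. The thread itself only names '&'.
TSQUERY_SPECIAL = re.compile(r"[&|!():*<>'\\]")
WHITESPACE = re.compile(r"\s+")


def clean_search_text(text):
    """Neutralise tsquery operator characters in user-supplied search text.

    Each special character becomes a space (so "rock&roll" stays two words),
    runs of whitespace collapse to one space, and the result is stripped so a
    leading or trailing '&' leaves no stray padding behind.
    """
    text = TSQUERY_SPECIAL.sub(" ", text)
    return WHITESPACE.sub(" ", text).strip()


def build_prefix_tsquery(text):
    """Build an AND-ed prefix query string from cleaned text.

    Returns None when nothing searchable remains (for example the input was
    only '&&&'), so the caller can skip the query instead of sending an
    empty or malformed expression to the database.
    """
    terms = clean_search_text(text).split()
    if not terms:
        return None
    # The only '&' in the output are the ones this function inserts.
    return " & ".join(f"{term}:*" for term in terms)


if __name__ == "__main__":
    # Constructed inputs covering the "two in a row" case from the thread.
    for raw in ["foo && bar", " & foo & ", "&&&", "rock&roll"]:
        print(repr(raw), "->", repr(build_prefix_tsquery(raw)))
```

The resulting string should still be handed to the database as a bound query parameter rather than interpolated into the SQL text.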