NIHVIVO-2425 Apply json-escaping to the query results to prevent JSON format errors

webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java

@@ -29,6 +29,8 @@ import org.apache.lucene.search.TermQuery;
 import org.apache.lucene.search.TopDocs;
 import org.apache.lucene.search.WildcardQuery;
 
+import com.hp.hpl.jena.sparql.lib.org.json.JSONObject;
+
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@@ -151,7 +153,7 @@ public class AutocompleteController extends VitroAjaxController {
     private Analyzer getAnalyzer(ServletContext servletContext) throws SearchException {
         Object obj = servletContext.getAttribute(LuceneSetup.ANALYZER);
         if( obj == null || !(obj instanceof Analyzer) )
-            throw new SearchException("Could not get anlyzer");
+            throw new SearchException("Could not get analyzer");
         else
             return (Analyzer)obj;        
     }
@@ -292,9 +294,9 @@ public class AutocompleteController extends VitroAjaxController {
         private String label;
         private String uri;
         
-        SearchResult(String label, String value) {
-            this.label = label;
-            this.uri = value;
+        SearchResult(String label, String uri) {
+            this.label = JSONObject.quote(label);
+            this.uri = JSONObject.quote(uri);
         }
         
         public String getLabel() {

webapp/web/templates/freemarker/ajax/autocompleteResults.ftl

@@ -10,7 +10,8 @@
 [ 
 <#if results??>
     <#list results as result>
-        { "label": "${result.label}", "uri": "${result.uri}" }<#if result_has_next>,</#if>       
+        <#-- result.label and result.uri are already quoted -->
+        { "label": ${result.label}, "uri": ${result.uri} }<#if result_has_next>,</#if>       
     </#list>
 </#if>
 ]