html search: add safety check before index property accesses (#13153)

CHANGES.rst

@@ -29,6 +29,8 @@ Bugs fixed
 * LaTeX: fix a ``7.4.0`` typo in a default for ``\sphinxboxsetup``
   (refs: PR #13152).
   Patch by Jean-François B.
+* #13096: HTML Search: check that query terms exist as properties in
+  term indices before accessing them.
 
 Testing
 -------

sphinx/themes/basic/static/searchtools.js

@@ -513,9 +513,11 @@ const Search = {
     // perform the search on the required terms
     searchTerms.forEach((word) => {
       const files = [];
+      // find documents, if any, containing the query word in their text/title term indices
+      // use Object.hasOwnProperty to avoid mismatching against prototype properties
       const arr = [
-        { files: terms[word], score: Scorer.term },
-        { files: titleTerms[word], score: Scorer.title },
+        { files: terms.hasOwnProperty(word) ? terms[word] : undefined, score: Scorer.term },
+        { files: titleTerms.hasOwnProperty(word) ? titleTerms[word] : undefined, score: Scorer.title },
       ];
       // add support for partial matches
       if (word.length > 2) {

tests/js/searchtools.spec.js

@@ -209,6 +209,19 @@ describe('Basic html theme search', function() {
 
   });
 
+  describe('can handle edge-case search queries', function() {
+
+    it('does not find the javascript prototype property in unrelated documents', function() {
+      eval(loadFixture("partial/searchindex.js"));
+
+      searchParameters = Search._parseQuery('__proto__');
+
+      hits = [];
+      expect(Search._performSearch(...searchParameters)).toEqual(hits);
+    });
+
+  });
+
 });
 
 describe("htmlToText", function() {