fix: avoid problematic double-escaping of " in LIKE clauses (used i…

…n multi-entry searches)

Also:
- fix: for at least one-extra-level-nested array keys, ensure proper encoding
    occurs (to ensure `get` requests work properly with them)

CHANGES.md

@@ -1,5 +1,12 @@
 # CHANGES for indexeddbshim
 
+## 15.2.0
+
+- fix: avoid problematic double-escaping of `"` in LIKE clauses (used in
+    multi-entry searches)
+- fix: for at least one-extra-level-nested array keys, ensure proper encoding
+    occurs (to ensure `get` requests work properly with them)
+
 ## 15.1.0
 
 - fix: actually include TS fixes

dist/indexeddbshim-UnicodeIdentifiers-node.cjs

@@ -1,4 +1,4 @@
-/*! indexeddbshim - v15.0.4 - 9/11/2024 */
+/*! indexeddbshim - v15.2.0 - 9/11/2024 */
 
 'use strict';
 
@@ -1313,12 +1313,13 @@ function escapeIndexNameForSQLKeyColumn(index) {
 }
 
 /**
+ * @todo Didn't need to escape `%`. Do we still need this escape?
  * @param {string} str
  * @returns {string}
  */
 function sqlLIKEEscape(str) {
   // https://www.sqlite.org/lang_expr.html#like
-  return sqlEscape(str).replaceAll('^', '^^');
+  return str.replaceAll('^', '^^');
 }
 
 /**
@@ -7151,8 +7152,11 @@ function executeFetchIndexData(count, unboundedDisallowed, index, hasKey, range,
          */
         check => rowKey.includes(check)) ||
         // More precise than our SQL
-        isMultiEntryMatch(/** @type {string} */
-        encodedKey, row[escapedIndexNameForKeyCol]))) {
+        isMultiEntryMatch(
+        // Added `JSON.stringify` as was having problems with
+        //        `JSON.stringify` encoding added to nested
+        //        array keys
+        JSON.stringify(encodedKey).slice(1, -1), row[escapedIndexNameForKeyCol]))) {
           recordCount++;
           record = row;
         } else if (!hasKey && !multiChecks) {
@@ -7225,7 +7229,13 @@ function buildFetchIndexDataSQL(nullDisallowed, index, range, opType, multiCheck
       sql.push(')');
     } else if (index.multiEntry) {
       sql.push('AND', escapeIndexNameForSQL(index.name), "LIKE ? ESCAPE '^'");
-      sqlValues.push('%' + sqlLIKEEscape(/** @type {string} */encode$1(range, index.multiEntry)) + '%');
+      if (Array.isArray(range)) {
+        // Todo: For nesting deeper than one level, we probably need to
+        //         run `JSON.stringify` again
+        sqlValues.push('%' + sqlLIKEEscape(JSON.stringify(/** @type {string} */encode$1(range, index.multiEntry)).slice(1, -1)) + '%');
+      } else {
+        sqlValues.push('%' + sqlLIKEEscape(/** @type {string} */encode$1(range, index.multiEntry)) + '%');
+      }
     } else {
       const convertedRange = convertValueToKeyRange(range, nullDisallowed);
       setSQLForKeyRange(convertedRange, escapeIndexNameForSQL(index.name), sql, sqlValues, true, false);

dist/indexeddbshim-node.cjs

@@ -1,4 +1,4 @@
-/*! indexeddbshim - v15.0.4 - 9/11/2024 */
+/*! indexeddbshim - v15.2.0 - 9/11/2024 */
 
 'use strict';
 
@@ -1313,12 +1313,13 @@ function escapeIndexNameForSQLKeyColumn(index) {
 }
 
 /**
+ * @todo Didn't need to escape `%`. Do we still need this escape?
  * @param {string} str
  * @returns {string}
  */
 function sqlLIKEEscape(str) {
   // https://www.sqlite.org/lang_expr.html#like
-  return sqlEscape(str).replaceAll('^', '^^');
+  return str.replaceAll('^', '^^');
 }
 
 /**
@@ -7151,8 +7152,11 @@ function executeFetchIndexData(count, unboundedDisallowed, index, hasKey, range,
          */
         check => rowKey.includes(check)) ||
         // More precise than our SQL
-        isMultiEntryMatch(/** @type {string} */
-        encodedKey, row[escapedIndexNameForKeyCol]))) {
+        isMultiEntryMatch(
+        // Added `JSON.stringify` as was having problems with
+        //        `JSON.stringify` encoding added to nested
+        //        array keys
+        JSON.stringify(encodedKey).slice(1, -1), row[escapedIndexNameForKeyCol]))) {
           recordCount++;
           record = row;
         } else if (!hasKey && !multiChecks) {
@@ -7225,7 +7229,13 @@ function buildFetchIndexDataSQL(nullDisallowed, index, range, opType, multiCheck
       sql.push(')');
     } else if (index.multiEntry) {
       sql.push('AND', escapeIndexNameForSQL(index.name), "LIKE ? ESCAPE '^'");
-      sqlValues.push('%' + sqlLIKEEscape(/** @type {string} */encode$1(range, index.multiEntry)) + '%');
+      if (Array.isArray(range)) {
+        // Todo: For nesting deeper than one level, we probably need to
+        //         run `JSON.stringify` again
+        sqlValues.push('%' + sqlLIKEEscape(JSON.stringify(/** @type {string} */encode$1(range, index.multiEntry)).slice(1, -1)) + '%');
+      } else {
+        sqlValues.push('%' + sqlLIKEEscape(/** @type {string} */encode$1(range, index.multiEntry)) + '%');
+      }
     } else {
       const convertedRange = convertValueToKeyRange(range, nullDisallowed);
       setSQLForKeyRange(convertedRange, escapeIndexNameForSQL(index.name), sql, sqlValues, true, false);

dist/util.d.ts

@@ -40,6 +40,7 @@ export function escapeIndexNameForSQL(index: string): string;
  */
 export function escapeIndexNameForSQLKeyColumn(index: string): string;
 /**
+ * @todo Didn't need to escape `%`. Do we still need this escape?
  * @param {string} str
  * @returns {string}
  */