1 files changed, 12 insertions, 0 deletions
diff --git a/chimere/views.py b/chimere/views.py
index 5999af7..0afb6fa 100644
--- a/chimere/views.py
+++ b/chimere/views.py
@@ -938,8 +938,20 @@ def rss(request, area_name=''):
 from django.core.paginator import Paginator, InvalidPage
 
 SearchView = None
+autocomplete = None
 if hasattr(settings, 'CHIMERE_SEARCH_ENGINE') \
    and settings.CHIMERE_SEARCH_ENGINE:
     from haystack.views import SearchView as HaystackSearchView
+    from haystack.query import SearchQuerySet
     class SearchView(HaystackSearchView):
         pass
+    def autocomplete(request):
+        sqs = SearchQuerySet().autocomplete(
+                                content_auto=request.GET.get('q', ''))[:5]
+        suggestions = [result.object.name for result in sqs]
+        # make sure it returns a JSON object, not a bare list.
+        # otherwise, it could be vulnerable to an XSS attack.
+        the_data = json.dumps({
+            'results': suggestions
+        })
+        return HttpResponse(the_data, content_type='application/json')