XQuery Injection Audit
----------------------

XQuery Injection vulnerabilities can occur when user-supplied input is placed inside the xdmp:eval() and xdmp:unquote() functions. This document reviews every use of these functions inside lib-search and discusses the security level of each internally.

Function              User input        Evaluated with
get-search-results    $search-string    construct-prolog()
get-search-estimate   $search-string    construct-prolog()

Test String:
    teststring-&""-&*;"-`~!@#$%^*()_+-=[]{}\|';:/.,?(:

lib-parser String:
    `~!@#$%^&*_+-[]{}\|';"/.,?

-- construct-prolog() -- Constructs a prolog from the namespaces defined in the configuration file.
-- $search-string -- .. and .. not text not value

* Create XQuery injection script for testing
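The two eval patterns the audit is comparing, as an added MarkLogic XQuery (1.0-ml) example that is not lib-search's own code: local:construct-prolog() is a hypothetical stand-in for the configured-namespace prolog described above, and the search functions assume a cts:word-query over fn:doc(). The page's Test String is used as the sample input.

```xquery
xquery version "1.0-ml";

(: Hypothetical stand-in for construct-prolog(): returns the namespace
   declarations from the configuration file as prolog text. :)
declare function local:construct-prolog() as xs:string {
  'declare namespace ex = "http://example.com/ns";&#10;'
};

(: Vulnerable pattern: the raw search string is spliced into the query
   text, so characters such as a closing quote or "(:" in the input are
   parsed as XQuery rather than treated as the search term. :)
declare function local:search-vulnerable($search-string as xs:string) {
  xdmp:eval(
    fn:concat(local:construct-prolog(),
      'cts:search(fn:doc(), cts:word-query("', $search-string, '"))'))
};

(: Hardened pattern: the evaluated text is constant and the user value is
   bound as an external variable via xdmp:eval's $vars argument, so it is
   only ever data. The namespace prolog still precedes the variable
   declaration, as the XQuery prolog ordering requires. :)
declare function local:search-safe($search-string as xs:string) {
  xdmp:eval(
    fn:concat(local:construct-prolog(),
      'declare variable $q as xs:string external;&#10;',
      'cts:search(fn:doc(), cts:word-query($q))'),
    (xs:QName("q"), $search-string))
};

(: The audit's Test String, written as an XQuery string literal
   (& as &amp;, apostrophe doubled). :)
let $input := 'teststring-&amp;""-&amp;*;"-`~!@#$%^*()_+-=[]{}\|'';:/.,?(:'
return local:search-safe($input)
```

With the hardened form the same input is a single word-query term; with the vulnerable form it is a query-text syntax error at best, which is the condition the audit's test string is designed to surface.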