f"@text:({query_str})" with the parenthesis included.query_str = query_str.replace('(', '').replace(')', '')DIALECT 2With DIALECT 2, inside the text expression parentheses, no other sub-query is allowed. The query could only be an intersection or a union of terms.
By stripping any parentheses, you eliminate the possibility that someone will
try to use a command like opener) @injection:... (closer.
Besides that, you should parse the user input further. It's hard to believe the user input will match what they want to find without you parsing their input. Do you want to add | between terms to match any document which contains at least one of them and not only all? Should you mark some terms as optional so they won't disqualify a document if they are missing from it?