From 1fef49a094e5246f16845b81c4e2cdcf49e9073d Mon Sep 17 00:00:00 2001
From: Sam
Date: Wed, 7 Oct 2015 10:52:24 +1100
Subject: [PATCH] SECURITY: XSS in search results term Thanks to Jerbi Nessim
---
 .../javascripts/discourse/controllers/full-page-search.js.es6 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/discourse/controllers/full-page-search.js.es6 b/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
index ee55b5836b..173b14cb50 100644
--- a/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
+++ b/app/assets/javascripts/discourse/controllers/full-page-search.js.es6
@@ -75,7 +75,7 @@ export default Ember.Controller.extend({
 }
 });
 }
- return q;
+ return Handlebars.Utils.escapeExpression(q);
 },
 _searchOnSortChange: true,
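Review bot: The new `return Handlebars.Utils.escapeExpression(q);` line makes this property's value HTML-only, and nothing in the hunk documents that. The enclosing function starts above the hunk, so its name and its consumers are not visible here. If any consumer passes the value through an already-escaping binding, an input value or a URL, it will now be double-escaped or show entities such as `&lt;`. Any other template that reads the raw `q` directly is presumably not covered by this fix. I would add a comment above the return, `// HTML-escaped: presumably rendered unescaped in the results header; do not reuse for URLs or input values`, and a regression test that renders a search term containing markup and asserts it appears as literal text.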