From 676a9a7e287655342ac0683dedce0c69a984465e Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Mon, 7 Jan 2013 11:32:12 +0200
Subject: [PATCH] Fix xss vulnerability
---
 app/views/search/show.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views/search/show.html.haml b/app/views/search/show.html.haml
index 8448193..ddcef44 100644
--- a/app/views/search/show.html.haml
+++ b/app/views/search/show.html.haml
@@ -88,5 +88,5 @@
 %h4.nothing_here_message No wiki pages
 :javascript
 $(function() {
- $(".search_results .term").highlight("#{params[:search]}");
+ $(".search_results .term").highlight("#{escape_javascript(params[:search])}");
 })
-- libgit2 0.21.2
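Review bot: On the new `.highlight(...)` line, `escape_javascript` receives `params[:search]` unconverted, so a request that sends the parameter as an array or hash may raise instead of rendering, depending on the Rails version and on whether the controller (not visible in this hunk) normalises it. `escape_javascript(params[:search].to_s)` keeps the string coercion the old interpolation had. The escaping is also only correct while the value stays inside the quoted JS string literal, so a short Haml comment above the `:javascript` filter would help the next editor, e.g. `-# search term is user input: keep it JS-escaped and inside the quoted string`. The commit carries no test, and a view or request spec that renders this page with quote and markup characters in the search term would keep the fix from regressing.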