forked from Ponysearch/Ponysearch
Merge pull request #557 from return42/fix-autocomplete
[fix] route /autocompleter: escape `<` and `>` in the simple theme
This commit is contained in:
commit
3700094f3a
1 changed files with 2 additions and 1 deletions
|
@ -916,6 +916,7 @@ def autocompleter():
|
|||
suggestions = json.dumps([sug_prefix, results])
|
||||
mimetype = 'application/x-suggestions+json'
|
||||
|
||||
if get_current_theme_name() == 'simple':
|
||||
suggestions = escape(suggestions, False)
|
||||
return Response(suggestions, mimetype=mimetype)
|
||||
|
||||
|
|
Loading…
Reference in a new issue