From 3ed0652febddb46b243478d5d12e0f12004488a4 Mon Sep 17 00:00:00 2001
From: Scott <scott@scottbm.me>
Date: Mon, 12 Feb 2018 05:20:55 +1300
Subject: [PATCH] Fixed: XSS vulnerability in the navbar search. (#2505)

Fixes #2503
---
 src/UI/Navbar/Search.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/UI/Navbar/Search.js b/src/UI/Navbar/Search.js
index a4ed2765e..b694687e9 100644
--- a/src/UI/Navbar/Search.js
+++ b/src/UI/Navbar/Search.js
@@ -30,7 +30,9 @@ $.fn.bindSearch = function() {
         },
         templates  : {
           empty : function(input) {
-            return '<div class="tt-dataset-series"><span class="tt-suggestions" style="display: block;"><div class="tt-suggestion"><p style="white-space: normal;"><a class="no-movies-found" href="/addmovies/search/' + input.query + '">Search for "' + input.query + '"</a></p></div></span></div>';
+            var escapedQuery = _.escape(input.query);
+
+            return "<div class='tt-dataset-series'><span class='tt-suggestions' style='display: block;'><div class='tt-suggestion'><p style='white-space: normal;'><a class='no-movies-found' href='/addmovies/search/'" + escapedQuery + "'>Search for " + escapedQuery + "</a></p></div></span></div>";
           },
         },
         source     : substringMatcher()