From b40b3b47ed69cd2f130958eb733ad7e9efa996a7 Mon Sep 17 00:00:00 2001 From: Kevin Adams Date: Wed, 8 Oct 2014 16:38:46 -0700 Subject: [PATCH] fixed XSS vuln in searchbox --- source/javascripts/app/search.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/source/javascripts/app/search.js b/source/javascripts/app/search.js index cb81989..a7ed873 100644 --- a/source/javascripts/app/search.js +++ b/source/javascripts/app/search.js @@ -53,7 +53,7 @@ }); highlight.call(this); } else { - searchResults.html('
  • No Results Found for "' + this.value + '"
  • '); + searchResults.html('
  • No Results Found for "' + this.value.escapeHTML() + '"
  • ');
 }
 } else {
 unhighlight();
@@ -69,4 +69,19 @@
 content.unhighlight(highlightOpts);
 }

+ var __entityMap = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ '"': '"',
+ "'": ''',
+ "/": '/'
+ };
+
+ String.prototype.escapeHTML = function() {
+ return String(this).replace(/[&<>"'\/]/g, function (s) {
+ return __entityMap[s];
+ });
+ }
+
 })(window);
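Review bot: The replacement `searchResults.html(...)` line still assembles markup by string concatenation and depends on `String.prototype.escapeHTML` being installed further down the same file; if this handler runs before that assignment or another script removes the method, the call throws, and the next edit that drops `.escapeHTML()` silently reopens the injection. Since `searchResults` exposes `.html()`, it presumably also exposes `.text()` and `.append()` (jQuery-style), in which case `searchResults.empty().append($('<li>').text('No Results Found for "' + this.value + '"'));` lets the DOM do the escaping and needs no custom escaper — confirm `$` is in scope here. The enclosing handler starts before this hunk, so whether the results branch above inserts `this.value` anywhere else cannot be seen from the diff and should be checked.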
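Review bot: As shown on this page the values of `__entityMap` are the same single characters as their keys (`"&": "&"`, `"<": "<"`, …), which would make `escapeHTML` a no-op and leave the `searchResults.html(...)` call in the first hunk unprotected; this is most likely entity decoding by the page renderer, but the committed file should be verified to hold the character references (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`, `&#x2F;`), ideally with a check such as `'<b>'.escapeHTML() === '&lt;b&gt;'`. Extending `String.prototype` is a global side effect that escapes the IIFE and can clash with other libraries; a file-local `function escapeHTML(str) { return String(str).replace(/[&<>"'\/]/g, function (s) { return __entityMap[s]; }); }` called as `escapeHTML(this.value)` keeps the helper scoped to this module. The assignment `String.prototype.escapeHTML = function() { … }` is also missing the terminating semicolon after its closing brace.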