correctly quote display name in html search result

2026-02-16 15:47:58 +00:00 · 2015-02-03 23:12:21 +01:00
parent 7769b0a823
commit b145dadd63
1 changed files with 1 additions and 1 deletions
--- a/lib/template/search-html.php
+++ b/lib/template/search-html.php
@@ -199,7 +199,7 @@ target="_blank">FAQ</a></td>
 		}

 		echo (isset($aResult['icon'])?'<img alt="icon" src="'.$aResult['icon'].'"/>':'');
-		echo ' <span class="name">'.$aResult['name'].'</span>';
+		echo ' <span class="name">'.htmlspecialchars($aResult['name']).'</span>';
 		echo ' <span class="latlon">'.round($aResult['lat'],3).','.round($aResult['lon'],3).'</span>';
 		echo ' <span class="place_id">'.$aResult['place_id'].'</span>';
 		if (isset($aResult['label']))