zaclys/searxng
1
0
Fork 1
mirror of https://github.com/searxng/searxng synced 2024-01-01 19:24:07 +01:00
Code Issues Projects Releases Packages Wiki Activity

[fix] proper escaping of the search query in templates

Browse source
This commit is contained in:
Adam Tauber 2016-12-04 23:07:46 +01:00
parent 7986d4cf41
commit 28f12ef5a0
4 changed files with 20 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

10
searx/templates/courgette/results.html
View file

@ -1,6 +1,6 @@
{% extends "courgette/base.html" %}
{% block title %}{{ q }} - {% endblock %}
{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
{% block title %}{{ q|e }} - {% endblock %}
{% block meta %}<link rel="alternate" type="application/rss+xml" title="Searx search: {{ q|e }}" href="{{ url_for('index') }}?q={{ q|urlencode }}&amp;format=rss&amp;{% for category in selected_categories %}category_{{ category }}=1&amp;{% endfor %}pageno={{ pageno }}">{% endblock %}
{% block content %}
<div class="right"><a href="{{ url_for('preferences') }}" id="preferences"><span>{{ _('preferences') }}</span></a></div>
<div class="small search center">
@ -17,7 +17,7 @@
{% for output_type in ('csv', 'json', 'rss') %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="left">
<input type="hidden" name="q" value="{{ q }}" />
<input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="format" value="{{ output_type }}" />
{% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/>
@ -62,7 +62,7 @@
{% if pageno > 1 %}
<form method="{{ method or 'POST' }}" action="{{ url_for('index') }}">
<div class="left">
<input type="hidden" name="q" value="{{ q }}" />
<input type="hidden" name="q" value="{{ q|e }}" />
{% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %}
@ -76,7 +76,7 @@
{% for category in selected_categories %}
<input type="hidden" name="category_{{ category }}" value="1"/>
{% endfor %}
<input type="hidden" name="q" value="{{ q }}" />
<input type="hidden" name="q" value="{{ q|e }}" />
<input type="hidden" name="pageno" value="{{ pageno+1 }}" />
<input type="submit" value="{{ _('next page') }} >>" />
</div>