diff --git a/frappe/www/search.py b/frappe/www/search.py
index d9027da77c..baf2be4e63 100644
--- a/frappe/www/search.py
+++ b/frappe/www/search.py
@@ -3,10 +3,12 @@ import frappe
 from frappe.utils.global_search import web_search
 from html2text import html2text
 from frappe import _
+from jinja2 import utils
 
 def get_context(context):
 	context.no_cache = 1
 	if frappe.form_dict.q:
+		frappe.form_dict.q = str(utils.escape(frappe.form_dict.q))
 		context.title = _('Search Results for "{0}"').format(frappe.form_dict.q)
 		context.update(get_search_results(frappe.form_dict.q))
 	else:
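Review bot: Escaping the query in place on the added `frappe.form_dict.q = str(utils.escape(...))` line changes what `get_search_results` receives on the following lines: a query containing `&`, `<`, `>`, `"` or `'` is now searched in its HTML-entity form (`&amp;`, `&quot;`, ...), so such searches silently miss results, and if the page template already autoescapes the title it will render double-escaped (`&amp;quot;`). Escaping belongs at the output boundary, so keep the raw value for the search call and escape only the text placed in the title: `query = frappe.form_dict.q`, `context.title = _('Search Results for "{0}"').format(utils.escape(query))`, `context.update(get_search_results(query))`. Note also that `jinja2.utils.escape` is an internal re-export of `markupsafe.escape` rather than public Jinja API, so `from markupsafe import escape` is the durable import. Whether the template that renders `context.title` autoescapes cannot be seen from this hunk, and `get_context` continues past the end of the hunk.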