From f2252568f63a2d9162edaff2defc3155a5e75156 Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Tue, 5 Dec 2017 16:07:17 +0530
Subject: [PATCH] [fix] sanitize input on search page (#4565)
---
 frappe/www/search.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/frappe/www/search.py b/frappe/www/search.py
index d9027da77c..baf2be4e63 100644
--- a/frappe/www/search.py
+++ b/frappe/www/search.py
@@ -3,10 +3,12 @@
 import frappe
 from frappe.utils.global_search import web_search
 from html2text import html2text
 from frappe import _
+from jinja2 import utils
 def get_context(context):
 context.no_cache = 1
 if frappe.form_dict.q:
+ frappe.form_dict.q = str(utils.escape(frappe.form_dict.q))
 context.title = _('Search Results for "{0}"').format(frappe.form_dict.q)
 context.update(get_search_results(frappe.form_dict.q))
 else:
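Review bot: Escaping the query in place means the entity-encoded string is also what `get_search_results(frappe.form_dict.q)` receives two lines later, so a search for `R&D` is run as `R&amp;D` and the results change; HTML escaping is an output encoding and belongs where the value is rendered, not on the stored input. Keep the raw value for the search and escape only the rendered title, e.g. `q = frappe.form_dict.q`, `context.title = _('Search Results for "{0}"').format(escape(q))`, `context.update(get_search_results(q))`, importing `escape` from `markupsafe` (the function `jinja2.utils` re-exports) — and if the page template already autoescapes `context.title`, escaping here as well double-encodes it, which is worth checking before landing either form. Wrapping the `Markup` result in `str()` also discards the markup-safe type, and if this code still runs under Python 2 it raises `UnicodeEncodeError` for a non-ASCII query such as `café`. The `else` branch of `get_context` continues past the end of the hunk.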