From 19e6658bc182403feb321a416471d19b92161441 Mon Sep 17 00:00:00 2001
From: Benjamin Southall <applemansigloo@gmail.com>
Date: Thu, 8 Jun 2017 08:11:18 +0900
Subject: [PATCH]  Merge pull request from vichan-devel/vichan#230 from
 antedeguemon/master Fixed XSS in post edit page and modsearch, this is a
 partial merge of just modsearch, we already fixed the edit post escaping
 earlier.

---
 templates/mod/search_results.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/mod/search_results.html b/templates/mod/search_results.html
index 186ee5db..abaad703 100644
--- a/templates/mod/search_results.html
+++ b/templates/mod/search_results.html
@@ -224,7 +224,7 @@
 							<a class="email" href="mailto:{{ post.email }}">
 						{% endif %}
 						{% set capcode = post.capcode|capcode %}
-						<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
+						<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name|e }}</span>
 						{% if post.trip|length > 0 %}
 							<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
 						{% endif %}
@@ -239,7 +239,7 @@
 				</td>
 				<td style="max-width:250px">
 					{% if post.subject %}
-						<small>{{ post.subject }}</small>
+						<small>{{ post.subject|e }}</small>
 					{% else %}
 						&ndash;
 					{% endif %}