From 65e31493a9c5c921431d18d2487a2994c7f7285c Mon Sep 17 00:00:00 2001
From: Peter Jaszkowiak
Date: Mon, 24 Apr 2017 11:40:39 -0600
Subject: [PATCH] Escape ACP search values
---
public/src/admin/modules/search.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/public/src/admin/modules/search.js b/public/src/admin/modules/search.js
index 7694b21b3a..0df7b7b385 100644
--- a/public/src/admin/modules/search.js
+++ b/public/src/admin/modules/search.js
@@ -73,7 +73,7 @@ define('admin/modules/search', ['mousetrap'], function (mousetrap) {
if (!selected.length) {
selected = menu.find('li.result > a').first().attr('href');
}
- var href = selected || config.relative_path + '/search?in=titlesposts&term=' + input.val();
+ var href = selected || config.relative_path + '/search?in=titlesposts&term=' + escape(input.val());
ajaxify.go(href.replace(/^\//, ''));
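Review bot: `escape()` is the wrong encoder for the `term` query value on the new `var href` line. It is a deprecated legacy function that leaves `+` and `/` untouched and emits `%uXXXX` for characters outside Latin-1, which is not valid percent-encoding. A search containing `+` or non-Latin text will therefore likely reach the server changed or undecodable. Use `encodeURIComponent(input.val())` here, and likewise `encodeURIComponent(value)` on the `.attr('href', …)` line of the second hunk. The enclosing handler starts and ends outside this hunk.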
@@ -140,9 +140,9 @@ define('admin/modules/search', ['mousetrap'], function (mousetrap) {
menu.find('.search-forum')
.not('.divider')
.find('a')
- .attr('href', config.relative_path + '/search?in=titlesposts&term=' + value)
+ .attr('href', config.relative_path + '/search?in=titlesposts&term=' + escape(value))
.find('strong')
- .html(value);
+ .text(value);
} else {
menu.removeClass('state-no-results state-yes-results');
}
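Review bot: The change from `.html(value)` to `.text(value)` is what stops the typed search string from being parsed as markup, but nothing on the line records that intent, so a later refactor could switch it back unnoticed. A one-line comment above the chain would pin it, for example `// value is raw user input: render with .text(), never .html()`. The hunk starts and ends mid-function, so it does not show whether `value` is written into the DOM elsewhere in this function; that is worth checking in the full file.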