From 15daae0a3632b5bfd199fa2976e21835d8af8ef4 Mon Sep 17 00:00:00 2001
From: Hannes Mannerheim
Date: Tue, 20 Jan 2015 14:45:42 +0100
Subject: [PATCH] stop xss in search #71
---
 js/dom-functions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/dom-functions.js b/js/dom-functions.js
index 22825fb..9e31d49 100644
--- a/js/dom-functions.js
+++ b/js/dom-functions.js
@@ -802,7 +802,7 @@ function getStreamFromUrl() {
 // {domain}/search/notice?q={urlencoded searh terms}
 else if (loc.indexOf('/search/notice?q=')>-1) {
- var searchToStream = loc.replace('/search/notice?q=','');
+ var searchToStream = replaceHtmlSpecialChars(loc.replace('/search/notice?q=',''));
 if(searchToStream.length>0) {
 streamToSet = 'search.json?q=' + searchToStream;
 }
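Review bot: `replaceHtmlSpecialChars()` is applied to the part of `loc` that is still URL-encoded (the comment above the branch says the terms are urlencoded), so percent-encoded markup characters are presumably left unchanged and would reappear if any later code decodes `searchToStream` before writing it into the page. The escaped string is also what gets concatenated into `streamToSet = 'search.json?q=' + searchToStream;`, so a literal `&` in the term would reach the API request as `&amp;`. Escaping is more reliable at the point where the term is inserted into HTML, after decoding, while the request keeps the URL-encoded value; at minimum add a comment on the changed line such as `// still URL-encoded: escape again after any decodeURIComponent() before inserting into the DOM`. The helper's definition, the place where the term is rendered and the rest of `getStreamFromUrl` are outside this hunk, so this needs confirming against them.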