Sanitize ng-init for search.query.

2013-05-09 12:37:19 -04:00 · 2013-05-09 12:37:19 -04:00 · 8c33d30ffe
parent a937b4f78b
commit 8c33d30ffe
2 changed files with 2 additions and 2 deletions
--- a/templates/base.html
+++ b/templates/base.html
@ -79,7 +79,7 @@
                    <fieldset>
                        <div class="fields">
                            <input ng-model="search.query" type="text" class="search-query" name="q"
-                                   ng-init="search.query='{{ query }}'"
+                                   ng-init="search.query='{{ query|escapejs }}'"
                                   placeholder="Search snipts" id="id_q"
                                   value="{{ query }}" />
                        </div>
--- a/templates/search/search.html
+++ b/templates/search/search.html
@ -24,7 +24,7 @@
    <div class="static-box {% if page.object_list|length > 0 %}has-snipts{% endif %}">
        <form method="get" class="form-search" action="." ng-controller="SearchController">
            <input ng-model="search.query" type="text" class="search-query" name="q"
-                   ng-init="search.query='{{ query }}'"
+                   ng-init="search.query='{{ query|escapejs }}'"
                   placeholder="Search snipts" id="id_q"
                   value="{{ query }}" />
            {% if request.user.profile.is_pro %}