[enh] central html escaping of results

2016-12-09 19:10:33 +01:00 · 2016-12-09 19:10:33 +01:00 · ef2ef7974a
parent 7e1f27e459
commit ef2ef7974a
1 changed files with 4 additions and 3 deletions
--- a/searx/webapp.py
+++ b/searx/webapp.py
@ -40,7 +40,7 @@ except:
    logger.critical("cannot import dependency: pygments")
    from sys import exit
    exit(1)
-
+from cgi import escape
 from datetime import datetime, timedelta
 from urllib import urlencode
 from urlparse import urlparse, urljoin
@ -433,8 +433,9 @@ def index():
    for result in results:
        if output_format == 'html':
            if 'content' in result and result['content']:
-                result['content'] = highlight_content(result['content'][:1024], search_query.query.encode('utf-8'))
-            result['title'] = highlight_content(result['title'], search_query.query.encode('utf-8'))
+                result['content'] = highlight_content(escape(result['content'][:1024]),
+                                                      search_query.query.encode('utf-8'))
+            result['title'] = highlight_content(escape(result['title']), search_query.query.encode('utf-8'))
        else:
            if result.get('content'):
                result['content'] = html_to_text(result['content']).strip()