Diffstat (limited to 'web/viewsjs')
-rw-r--r-- | web/viewsjs/search.js.erb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/viewsjs/search.js.erb b/web/viewsjs/search.js.erb
index 195f2fc..d09afd7 100644
--- a/web/viewsjs/search.js.erb
+++ b/web/viewsjs/search.js.erb
@@ -5,7 +5,7 @@
 %>
 function highlight(str, query) {
- return str.replace(new RegExp('(' + query + ')', 'gi'), "<b>$1</b>")
+ return html_escape(str).replace(new RegExp('(' + html_escape(query) + ')', 'gi'), "<b>$1</b>");
 }
 function link_to_key_with_highlight(key, query) {
@@ -107,7 +107,7 @@ var create_flexigrid_for = {
 return { 'cell': [ fmt_with_ts(row.count_all), link_to_rtype(row.rtype),
- highlight(html_escape(row.role), query)
+ highlight(row.role, query)
 ] }; }); return data; |
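Review bot: In `highlight`, the HTML-escaped query is still concatenated into `new RegExp(...)` with its regex metacharacters intact, so a search string containing an unbalanced `(` or `[` makes the constructor throw, and an empty query yields the pattern `()`, which matches at every position and scatters `<b></b>` through the cell. Escaping the pattern first would close this: `var pattern = html_escape(query).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');`, preceded by a guard such as `if (!query) return html_escape(str);`. Because matching now runs over already-escaped text, a query that happens to be a fragment of an entity (presumably something like `amp`, depending on what `html_escape` emits, which is not visible here) would get `<b>` inserted inside the entity and garble the rendering. The second hunk removes the caller-side `html_escape(row.role)` to match, but any other caller of `highlight` that still pre-escapes its argument would now double-escape; the body of `link_to_key_with_highlight` lies outside the hunk and is worth checking for that.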