From e36440f8348bc43cf6bb78a2473196f00f49f8f7 Mon Sep 17 00:00:00 2001
From: rembo10
Date: Sat, 4 Jul 2015 23:53:03 -0700
Subject: [PATCH] Fix for XSS bug when searching

---
 headphones/webserve.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/headphones/webserve.py b/headphones/webserve.py
index 0edc50c1..23772a9a 100644
--- a/headphones/webserve.py
+++ b/headphones/webserve.py
@@ -32,6 +32,7 @@ import random
 import urllib
 import json
 import time
+import cgi
 import sys
 import os
 
@@ -149,7 +150,7 @@ class WebInterface(object):
             searchresults = mb.findRelease(name, limit=100)
         else:
             searchresults = mb.findSeries(name, limit=100)
-        return serve_template(templatename="searchresults.html", title='Search Results for: "' + name + '"', searchresults=searchresults, name=name, type=type)
+        return serve_template(templatename="searchresults.html", title='Search Results for: "' + cgi.escape(name) + '"', searchresults=searchresults, name=cgi.escape(name), type=type)
 
     @cherrypy.expose
     def addArtist(self, artistid):
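Review bot: `import cgi` is added only to reach `cgi.escape`, which has been deprecated since Python 3.2, was removed in Python 3.8, and the whole `cgi` module is gone in 3.13, so the fix stops working on the first interpreter upgrade. If the project still targets Python 2 this runs today, but the drop-in replacement `html.escape` escapes `"` and `'` by default while `cgi.escape` does not, so any shim must keep the two behaving alike, e.g. `try: from html import escape as html_escape` / `except ImportError: from cgi import escape as _cgi_escape` with `html_escape = lambda s: _cgi_escape(s, quote=True)`. Pulling in the whole `cgi` module for one helper is also more than a web handler needs.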
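Review bot: `cgi.escape(name)` on the added line uses the default `quote=False`, so `"` and `'` pass through untouched; that only closes the hole when the template renders `title` and `name` as element text, and if `searchresults.html` echoes the search term inside an attribute (a `value="..."` in the search box, say) the closing quote is still injectable. Either call `cgi.escape(name, quote=True)` in both places (on Python 2 that escapes `"` but not `'`, so attributes in the template must be double-quoted), or better, hand the template the raw `name` and escape at each point of use with the engine's HTML filter, because the right escaping depends on the output context and a pre-escaped `name` gets double-escaped or mangled wherever the template also escapes it or builds a URL from it. `type` is still passed through on the same line without escaping; if it also comes from the request and is rendered, it has the same problem, but I cannot see the signature because the enclosing method starts before this hunk. The `addArtist` definition at the end of the hunk continues past it.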