From 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 28 Aug 2016 18:38:15 +0300
Subject: Tags: should be escaped in db and unescaped in templates

---
 juick-www/src/main/java/com/juick/www/Home.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'juick-www/src/main/java/com/juick/www/Home.java')

diff --git a/juick-www/src/main/java/com/juick/www/Home.java b/juick-www/src/main/java/com/juick/www/Home.java
index e11ed6f4..462c47bb 100644
--- a/juick-www/src/main/java/com/juick/www/Home.java
+++ b/juick-www/src/main/java/com/juick/www/Home.java
@@ -19,6 +19,7 @@ package com.juick.www;
 import com.juick.server.AdsQueries;
 import com.juick.server.MessagesQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.springframework.jdbc.core.JdbcTemplate;
 import javax.servlet.ServletException;
@@ -55,7 +56,7 @@ public class Home {
 String paramShow = request.getParameter("show");
 if (paramSearch != null) {
- title = "Поиск: " + Utils.encodeHTML(paramSearch);
+ title = "Поиск: " + StringEscapeUtils.escapeHtml4(paramSearch);
 mids = MessagesQueries.getSearch(sql, sqlSearch, Utils.encodeSphinx(paramSearch), paramBefore);
 } else if (paramShow == null) {
 if (visitor.getUID() > 0) {
-- 
cgit v1.2.3
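Review bot: The escaping on the new `title = "Поиск: " + StringEscapeUtils.escapeHtml4(paramSearch);` line is only safe for HTML text content: escapeHtml4 encodes `<`, `>`, `&` and `"` but not `'`, so if the template ever places `title` inside a single-quoted attribute or a script block the user-controlled search string is not neutralised there, and if the template engine already auto-escapes output this pre-escaping will render as `&amp;lt;` rather than `&lt;`. Since the contract ("escape here, output raw in the template" vs. "store raw, escape in the template") is what this commit is about, I would pin it at the assignment, e.g. `// HTML-text escaping only (no ' or attribute/JS escaping); template must emit title unescaped` and confirm the rendering context in the template. The raw `paramSearch` also still flows into `Utils.encodeSphinx(paramSearch)` on the next line; I can't see that helper, so whether it neutralises Sphinx query operators should be checked separately. The enclosing method starts before this hunk and continues past it.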