From 31b71eb244bb72dff7d1675f24e6779912da2554 Mon Sep 17 00:00:00 2001
From: Francesco Siddi <francesco.siddi@gmail.com>
Date: Wed, 7 Jun 2017 16:22:36 +0200
Subject: [PATCH] Escape text when presenting search results

---
 src/scripts/tutti/4_search.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/scripts/tutti/4_search.js b/src/scripts/tutti/4_search.js
index 867beddf..cff0924f 100644
--- a/src/scripts/tutti/4_search.js
+++ b/src/scripts/tutti/4_search.js
@@ -28,6 +28,10 @@ $(document).ready(function() {
 					hitPicture += (hit.media ? '<i class="pi-' + hit.media + '"></i>' : '<i class="dark pi-'+ hit.node_type + '"></i>');
 					hitPicture += '</div>';
 				};
+				var $span = $('<span>').addClass('project').text(hit.project.name);
+				var $searchHitName = $('<div>').addClass('search-hit-name')
+					.attr('title', hit.name)
+					.text(hit.name);
 
 				return '' +
 					'<a href="/nodes/'+ hit.objectID + '/redir" class="search-site-result" id="'+ hit.objectID + '">' +
@@ -36,11 +40,9 @@ $(document).ready(function() {
 								hitPicture +
 								hitFree +
 							'</div>' +
-							'<div class="search-hit-name" title="' + hit.name + '">' +
-								hit.name + ' ' +
-							'</div>' +
+							$searchHitName.html() +
 							'<div class="search-hit-meta">' +
-								'<span class="project">' + hit.project.name + '</span> · ' +
+								$span.html() + ' · ' +
 								'<span class="node_type">' + hit.node_type + '</span>' +
 								hitMedia +
 							'</div>' +