diff --git a/assets/js/theme.js b/assets/js/theme.js
index 72dcd691..3cf17281 100644
--- a/assets/js/theme.js
+++ b/assets/js/theme.js
@@ -30,6 +30,12 @@ class Util {
if (!reserved) element.addEventListener('animationend', handler, false);
}
+ escapeHTML(str) {
+ const div = document.createElement('div');
+ div.textContent = str;
+ return div.innerHTML;
+ }
+
}
class Theme {
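Review bot: escapeHTML encodes only what the browser's text-node serialization encodes — `&`, `<`, `>` (and non-breaking space) — not `"` or `'`, so its result is safe to interpolate as element content but not as an attribute value, and nothing on the method says which context it is meant for. A JSDoc above it would prevent the next caller from using it in an attribute, e.g. `/** Escapes str for use as element text only (not attribute values): serializes via textContent -> innerHTML, which encodes &, < and > but leaves quotes intact. Requires a DOM `document`. */`. A non-string `str` is coerced by the textContent assignment (null becomes the empty string), which is worth a word in the same comment. The identical method is added in the src/js/theme.js hunk at `@@ -26,6 +26,12 @@`, where the same comment applies; assets/js/theme.js looks like a build of that file, in which case only the source copy needs it.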
@@ -319,10 +325,18 @@ class Theme {
title,
date,
context
- }) => `
${title}${date}
${context}
`,
+ }, {
+ query
+ }) => {
+ const safeQuery = this.util.escapeHTML(query);
+ return `${title}${date}
${context}
`;
+ },
empty: ({
query
- }) => `${searchConfig.noResultsFound}: "${query}"
`,
+ }) => {
+ const safeQuery = this.util.escapeHTML(query);
+ return `${searchConfig.noResultsFound}: "${safeQuery}"
`;
+ },
footer: ({}) => {
const {
searchType,
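Review bot: In the `suggestion` template `safeQuery` is assigned from `this.util.escapeHTML(query)` but never read — the returned literal still interpolates only `title`, `date` and `context` — so the line is either dead code or the intended use of the escaped query was dropped; either delete `const safeQuery = this.util.escapeHTML(query);` (and the now-unused second parameter) or interpolate `${safeQuery}` where it was meant to go. The `empty` template does use it, and because the surrounding quotes there are literal text rather than an attribute delimiter, the text-only escaping escapeHTML provides is adequate for that spot. Whether `title`, `date` and `context` can carry attacker-influenced markup cannot be judged from this hunk; they are presumably pre-highlighted HTML from the search index, which would explain why they stay unescaped, but a comment stating that assumption on the template would help. The enclosing templates object and the function that builds it start and end outside the hunk. The src/js/theme.js hunk at `@@ -272,8 +278,14 @@` has the same unused `safeQuery` in its `suggestion` template.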
diff --git a/src/js/theme.js b/src/js/theme.js
index c45cfee5..0cd06eca 100644
--- a/src/js/theme.js
+++ b/src/js/theme.js
@@ -26,6 +26,12 @@ class Util {
};
if (!reserved) element.addEventListener('animationend', handler, false);
}
+
+ escapeHTML(str) {
+ const div = document.createElement('div');
+ div.textContent = str;
+ return div.innerHTML;
+ }
}
class Theme {
@@ -272,8 +278,14 @@ class Theme {
}
},
templates: {
- suggestion: ({ title, date, context }) => `${title}${date}
${context}
`,
- empty: ({ query }) => `${searchConfig.noResultsFound}: "${query}"
`,
+ suggestion: ({ title, date, context }, { query }) => {
+ const safeQuery = this.util.escapeHTML(query);
+ return `${title}${date}
${context}
`;
+ },
+ empty: ({ query }) => {
+ const safeQuery = this.util.escapeHTML(query);
+ return `${searchConfig.noResultsFound}: "${safeQuery}"
`;
+ },
footer: ({}) => {
const { searchType, icon, href } = searchConfig.type === 'algolia' ? {
searchType: 'algolia',