[fix] route /autocompleter: escape '<' and '>' in the response

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
author: Markus Heiser <markus.heiser@darmarit.de> 2021-11-27 08:39:48 +0100
committer: Markus Heiser <markus.heiser@darmarit.de> 2021-11-27 08:39:48 +0100
commit: 9a3253fc168281566d53a5c44ba05e5ffa2b4f47 (patch)
tree: 3c37eca78f9e310bc276d488482a9ded97290e04
parent: e27b1ac57a7edf3d11c825ba8ad9798a2d56e281 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/searx/webapp.py b/searx/webapp.py
index 94d421eb0..613849dc4 100755
--- a/searx/webapp.py
+++ b/searx/webapp.py
@@ -916,6 +916,7 @@ def autocompleter():
         suggestions = json.dumps([sug_prefix, results])
         mimetype = 'application/x-suggestions+json'
 
+    suggestions = escape(suggestions, False)
     return Response(suggestions, mimetype=mimetype)
author	Markus Heiser <markus.heiser@darmarit.de>	2021-11-27 08:39:48 +0100
committer	Markus Heiser <markus.heiser@darmarit.de>	2021-11-27 08:39:48 +0100
commit	9a3253fc168281566d53a5c44ba05e5ffa2b4f47 (patch)
tree	3c37eca78f9e310bc276d488482a9ded97290e04
parent	e27b1ac57a7edf3d11c825ba8ad9798a2d56e281 (diff)