fix(search): Fix possible reflected XSS attack vector (#16522)

commit: 245b73b94f08a0386288e044381016d4ba840270 [log] [tgz]
author: Aditya Hase <aditya@adityahase.com> Wed Jan 30 19:56:04 2019 +0530
committer: Sagar Vora <sagar@resilient.tech> Wed Jan 30 19:56:04 2019 +0530
tree: 85dd6af51eee6baec005341223b0c747fd12afaf
parent: 78fc158b39e74546c3bd85ee1ea98e0f3bd4cb05 [diff]
diff --git a/erpnext/templates/pages/product_search.html b/erpnext/templates/pages/product_search.html
index d5a56b2..f9efd48 100644
--- a/erpnext/templates/pages/product_search.html
+++ b/erpnext/templates/pages/product_search.html

@@ -10,7 +10,7 @@
 <script>
 frappe.ready(function() {
 	var txt = frappe.utils.get_url_arg("search");
-	$(".search-results").html('{{ _("Search results for") + ": " + html2text(frappe.form_dict.search or "")|trim }}');
+	$(".search-results").html('{{ _("Search results for") + ": " + html2text(frappe.form_dict.search or "") | e | trim }}');
 	window.search = txt;
 	window.start = 0;
 	window.get_product_list();
commit	245b73b94f08a0386288e044381016d4ba840270	[log] [tgz]
author	Aditya Hase <aditya@adityahase.com>	Wed Jan 30 19:56:04 2019 +0530
committer	Sagar Vora <sagar@resilient.tech>	Wed Jan 30 19:56:04 2019 +0530
tree	85dd6af51eee6baec005341223b0c747fd12afaf
parent	78fc158b39e74546c3bd85ee1ea98e0f3bd4cb05 [diff]