From a980041b883fcfc722827513d39a7a984a02175d Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 22 Jul 2013 14:38:28 +0200
Subject: [PATCH] Fixed escaping of values returned by WCF.Search.Base

---
 wcfsetup/install/files/acp/js/WCF.ACP.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/acp/js/WCF.ACP.js b/wcfsetup/install/files/acp/js/WCF.ACP.js
index 65aa99e6a3..f5d726097b 100644
--- a/wcfsetup/install/files/acp/js/WCF.ACP.js
+++ b/wcfsetup/install/files/acp/js/WCF.ACP.js
@@ -1915,7 +1915,7 @@ WCF.ACP.Search = WCF.Search.Base.extend({
 		for (var $i in resultList.items) {
 			var $item = resultList.items[$i];
 			
-			$('<li><a href="' + $item.link + '">' + $item.title + '</a></li>').appendTo(this._list);
+			$('<li><a href="' + $item.link + '">' + WCF.String.escapeHTML($item.title) + '</a></li>').appendTo(this._list);
 			
 			this._itemCount++;
 		}
-- 
2.20.1