From 0ca5ffc49f1432d95ba5519f5b6e457c2dc24f5b Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Fri, 26 Jul 2013 21:36:18 +0530
Subject: [PATCH] Content server: Fix search query not being fully sanitized in
 results page

Fixes #1205385 [Private bug](https://bugs.launchpad.net/calibre/+bug/1205385)
---
 src/calibre/library/server/browse.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/calibre/library/server/browse.py b/src/calibre/library/server/browse.py
index bffeb33829..ef6b8f3f3c 100644
--- a/src/calibre/library/server/browse.py
+++ b/src/calibre/library/server/browse.py
@@ -291,7 +291,7 @@ class BrowseServer(object):
             lp = force_unicode(lp, filesystem_encoding)
         ans = ans.replace('{library_name}', xml(os.path.basename(lp)))
         ans = ans.replace('{library_path}', xml(lp, True))
-        ans = ans.replace('{initial_search}', initial_search)
+        ans = ans.replace('{initial_search}', xml(initial_search, attribute=True))
         return ans
 
     @property