X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/7b172efeb62dca337e356dab0d14c69ec51216b7..2cbcabb3f6992904903a72dfbcef624bd391a314:/app/views/site/_search.rhtml

diff --git a/app/views/site/_search.rhtml b/app/views/site/_search.rhtml
index 19b4ca2d1..bdfc2fb57 100644
--- a/app/views/site/_search.rhtml
+++ b/app/views/site/_search.rhtml
@@ -24,7 +24,7 @@
   <% if params[:query] %>
   <%= remote_function(:loading => "startSearch()",
                       :complete => "endSearch()",
-                      :url => { :controller => :geocoder, :action => :search, :query => params[:query] }) %>
+                      :url => { :controller => :geocoder, :action => :search, :query => h(params[:query]) }) %>
   <% end %>
 // -->
 </script>
@@ -38,7 +38,7 @@
     <% form_remote_tag(:loading => "startSearch()",
                        :complete => "endSearch()",
                        :url => { :controller => :geocoder, :action => :search }) do %>
-      <%= text_field_tag :query, params[:query] %>
+      <%= text_field_tag :query, h(params[:query]) %>
     <% end %>
     </span>
     <p id="search_active">Searching...</p>