From: Sarah Hoffmann <lonvia@denofr.de>
Date: Tue, 3 Feb 2015 22:12:21 +0000 (+0100)
Subject: correctly quote display name in html search result
X-Git-Tag: v2.4.0~44
X-Git-Url: https://git.openstreetmap.org./nominatim.git/commitdiff_plain/b145dadd63527936fc1c3d1787fd7dd2b465aa2d

correctly quote display name in html search result
---

diff --git a/lib/template/search-html.php b/lib/template/search-html.php
index 02c8cb4d..7da79ad8 100644
--- a/lib/template/search-html.php
+++ b/lib/template/search-html.php
@@ -199,7 +199,7 @@ target="_blank">FAQ</a></td>
 		}
 
 		echo (isset($aResult['icon'])?'<img alt="icon" src="'.$aResult['icon'].'"/>':'');
-		echo ' <span class="name">'.$aResult['name'].'</span>';
+		echo ' <span class="name">'.htmlspecialchars($aResult['name']).'</span>';
 		echo ' <span class="latlon">'.round($aResult['lat'],3).','.round($aResult['lon'],3).'</span>';
 		echo ' <span class="place_id">'.$aResult['place_id'].'</span>';
 		if (isset($aResult['label']))