From b145dadd63527936fc1c3d1787fd7dd2b465aa2d Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Tue, 3 Feb 2015 23:12:21 +0100
Subject: [PATCH] correctly quote display name in html search result

---
 lib/template/search-html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/template/search-html.php b/lib/template/search-html.php
index 02c8cb4d..7da79ad8 100644
--- a/lib/template/search-html.php
+++ b/lib/template/search-html.php
@@ -199,7 +199,7 @@ target="_blank">FAQ</a></td>
 		}
 
 		echo (isset($aResult['icon'])?'<img alt="icon" src="'.$aResult['icon'].'"/>':'');
-		echo ' <span class="name">'.$aResult['name'].'</span>';
+		echo ' <span class="name">'.htmlspecialchars($aResult['name']).'</span>';
 		echo ' <span class="latlon">'.round($aResult['lat'],3).','.round($aResult['lon'],3).'</span>';
 		echo ' <span class="place_id">'.$aResult['place_id'].'</span>';
 		if (isset($aResult['label']))
-- 
2.39.5