From 5e5178b5e8dc0f1604ae6f57de9159c713b4bd8a Mon Sep 17 00:00:00 2001
From: lotus <lotus@6c8d7289-2bf4-0310-a012-ef5d649a1542>
Date: Sun, 14 Sep 2008 18:08:39 +0000
Subject: [PATCH] please use putHTML to avoid XSS

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@5149 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/Comparison_p.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/htroot/Comparison_p.java b/htroot/Comparison_p.java
index 21ce29cd1..3c03c89c0 100644
--- a/htroot/Comparison_p.java
+++ b/htroot/Comparison_p.java
@@ -47,9 +47,9 @@ public class Comparison_p{
         
         if (post != null) {
             prop.put("search", 1);
-            prop.put("search_query", post.get("query", ""));
-            prop.put("search_left", searchengines.get(post.get("left", searchengines.get("YaCy"))));
-            prop.put("search_right", searchengines.get(post.get("right", searchengines.get("YaCy"))));
+            prop.putHTML("search_query", post.get("query", ""));
+            prop.putHTML("search_left", searchengines.get(post.get("left", searchengines.get("YaCy"))));
+            prop.putHTML("search_right", searchengines.get(post.get("right", searchengines.get("YaCy"))));
         } else {
             
             prop.put("search", 0);
@@ -60,7 +60,7 @@ public class Comparison_p{
         prop.put("searchengines", searchengines.size());
         int i = 0;
         for(String name : searchengines.keySet()){
-            prop.put("searchengines_" + i + "_searchengine", name);
+            prop.putHTML("searchengines_" + i + "_searchengine", name);
 	    if(post != null && post.get("left").equals(name)) {
 		    prop.put("searchengines_" + i + "_leftengine", 1);
 	    } else {