From f4172cbb3da45f9268ac32fa4408955c3eafe06a Mon Sep 17 00:00:00 2001
From: Michael Peter Christen
Date: Sun, 17 Nov 2013 00:17:25 +0100
Subject: [PATCH] fix for another XSS bug
---
 htroot/portalsearch/yacy-portalsearch.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/htroot/portalsearch/yacy-portalsearch.js b/htroot/portalsearch/yacy-portalsearch.js
index 8121347e5..ed77cd46a 100644
--- a/htroot/portalsearch/yacy-portalsearch.js
+++ b/htroot/portalsearch/yacy-portalsearch.js
@@ -242,6 +242,7 @@ function yacysearch(clear) {
 param[i] = item; }); param[param.length] = { name : 'startRecord', value : startRecord };
+ ycurr = ycurr.replace("<"," ").replace(">"," ");
 $.ajaxSetup({ timeout: 10000,
@@ -274,7 +275,7 @@ function yacysearch(clear) {
 else data = json; var searchTerms = "";
- searchTerms = data.channels[0].searchTerms;
+ searchTerms = data.channels[0].searchTerms.replace("<"," ").replace(">"," ");;
 if($.trim(ycurr.replace(/ /g,"+")) != searchTerms) { return false;
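Review bot: The added `ycurr.replace("<"," ").replace(">"," ")` passes string patterns, and `String.prototype.replace` with a string pattern substitutes only the first match, so any further `<` or `>` in the value is left in place; the `searchTerms` line in the second hunk has the same gap. A global pattern covers every occurrence: `ycurr = ycurr.replace(/[<>]/g, " ");` and `searchTerms = data.channels[0].searchTerms.replace(/[<>]/g, " ");` (which also drops the stray `;;`). Removing angle brackets leaves quotes and `&` untouched, so if these values are later concatenated into markup or attributes, which these hunks do not show, escaping at the point of output (for example jQuery `.text()`) would be the more dependable fix. The comparison after the second hunk turns the spaces in `ycurr` into `+` while the spaces substituted into `searchTerms` stay spaces, so a query containing `<` or `>` may now always take the `return false` path; that is worth confirming against what the server echoes back. The body of `yacysearch` starts and ends outside both hunks.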