From 677eb65bbd2eec5a17189198cb385b5ce23b760c Mon Sep 17 00:00:00 2001
From: Kevin Abel <kevin.abel.0@gmail.com>
Date: Tue, 29 Jul 2014 16:18:42 -0500
Subject: [PATCH] Escape HTML entities in the Google API URL

---
 www/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.php b/www/index.php
index cdab45d..76ef3c7 100644
--- a/www/index.php
+++ b/www/index.php
@@ -61,7 +61,7 @@ $params = array(
 if (!empty($apiKey)) {
     $params['key'] = $apiKey;
 }
-$page->addScript('//www.google.com/jsapi?' . http_build_query($params));
+$page->addScript(htmlspecialchars('//www.google.com/jsapi?' . http_build_query($params)));
 $page->addStyleSheet('css/search.css');
 
 //u is referring site
-- 
GitLab