From ec23a205c77b2affbe274e02b1a12a8548d5a435 Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Sun, 17 Sep 2017 13:44:52 +0200
Subject: [PATCH] SuggestController: move escaping to controller

---
 application/controllers/SuggestController.php | 2 +-
 application/views/scripts/suggest/index.phtml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/controllers/SuggestController.php b/application/controllers/SuggestController.php
index d4650c1e..dad12236 100644
--- a/application/controllers/SuggestController.php
+++ b/application/controllers/SuggestController.php
@@ -44,7 +44,7 @@ class SuggestController extends ActionController
                     $matches[] = $this->highlight($str, $search);
                 }
             } else {
-                $matches[] = $str;
+                $matches[] = Util::escapeForHtml($str);
             }
         }
 
diff --git a/application/views/scripts/suggest/index.phtml b/application/views/scripts/suggest/index.phtml
index 4c1f1e59..5f804e1f 100644
--- a/application/views/scripts/suggest/index.phtml
+++ b/application/views/scripts/suggest/index.phtml
@@ -1,3 +1,3 @@
 <?php foreach ($suggestions as $suggest): ?>
-<li><?= $this->escape($suggest) ?></li>
+<li><?= $suggest ?></li>
 <?php endforeach ?>