From 9a3253fc168281566d53a5c44ba05e5ffa2b4f47 Mon Sep 17 00:00:00 2001
From: Markus Heiser <markus.heiser@darmarit.de>
Date: Sat, 27 Nov 2021 08:39:48 +0100
Subject: [PATCH] [fix] route /autocompleter: escape '<' and '>' in the
 response

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
---
 searx/webapp.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/searx/webapp.py b/searx/webapp.py
index 94d421eb0..613849dc4 100755
--- a/searx/webapp.py
+++ b/searx/webapp.py
@@ -916,6 +916,7 @@ def autocompleter():
         suggestions = json.dumps([sug_prefix, results])
         mimetype = 'application/x-suggestions+json'
 
+    suggestions = escape(suggestions, False)
     return Response(suggestions, mimetype=mimetype)