From 42b14b0d11a99d49894f8c1ef76c515f585fd157 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Thu, 8 Dec 2016 14:54:36 +0530
Subject: [PATCH] SECURITY: escape advanced search term
---
 .../discourse/components/search-advanced-options.js.es6 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/assets/javascripts/discourse/components/search-advanced-options.js.es6 b/app/assets/javascripts/discourse/components/search-advanced-options.js.es6
index ba68acd8bb6..51ec9b4483b 100644
--- a/app/assets/javascripts/discourse/components/search-advanced-options.js.es6
+++ b/app/assets/javascripts/discourse/components/search-advanced-options.js.es6
@@ -1,4 +1,5 @@
 import { observes } from 'ember-addons/ember-computed-decorators';
+import { escapeExpression } from 'discourse/lib/utilities';
 const REGEXP_BLOCKS = /(([^" \t\n\x0B\f\r]+)?(("[^"]+")?))/g;
@@ -103,7 +104,7 @@ export default Em.Component.extend({
 },
 findSearchTerms() {
- const searchTerm = this.get('searchTerm');
+ const searchTerm = escapeExpression(this.get('searchTerm'));
 if (!searchTerm) return [];
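Review bot: The `escapeExpression` helper imported in the first hunk is an output encoder, while `REGEXP_BLOCKS` on the context line just below it recognises quoted phrases by literal `"` characters, so the two do not compose if the encoded string is the one that gets parsed. The second hunk, whose body continues past the visible lines, encodes the term at the top of `findSearchTerms()` before any parsing. Assuming the helper turns `"` and `&` into entities, quoted phrases would stop matching `("[^"]+")`, and entity text could end up in the parsed filter values and be encoded a second time on display. Consider keeping `const searchTerm = this.get('searchTerm');` for parsing and calling `escapeExpression(...)` only on the individual values where they are placed into markup, which is not visible here. A comment at that call, such as `// HTML-encode at the rendering sink; parsing works on the raw term`, would record the intent.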