HTML-escape expression in the output (to quote &)

[phdru.name/cgi-bin/blog-ru/search-tags.git] / search-tags.py

diff --git a/search-tags.py b/search-tags.py
index fe006bfd5b69f41d1759baa56b8905ad1da58893..e40f05c0500e5104d88e0948da57a7196ba85dbc 100755 (executable)
--- a/search-tags.py
+++ b/search-tags.py
@@ -3,7 +3,7 @@
 """Search tags CGI"""
 
 __author__ = "Oleg Broytman <phd@phdru.name>"
-__copyright__ = "Copyright (C) 2014 PhiloSoft Design"
+__copyright__ = "Copyright (C) 2014-2016 PhiloSoft Design"
 __license__ = "GNU GPL"
 
 import cgi, sys
@@ -42,7 +42,7 @@ else:
         from tags import find_tags
         posts = find_tags(tree)
         status = None
-        title = "Записи, найденные для выражения " + q
+        title = "Записи, найденные для выражения " + cgi.escape(q)
         if posts:
             _posts = ["""\
 <p class="head">