From 93cdf5e342aa5548efd398d9e34a6ba0a177b371 Mon Sep 17 00:00:00 2001
From: Eugene Molotov
Date: Mon, 26 Oct 2020 15:07:20 +0500
Subject: [PATCH] [core] Fixed passive XSS vulnerability
Reference: https://www.openbugbounty.org/reports/1140367/
---
 lib/BridgeList.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/BridgeList.php b/lib/BridgeList.php
index dc545de9..7b2d5268 100644
--- a/lib/BridgeList.php
+++ b/lib/BridgeList.php
@@ -129,7 +129,7 @@ EOD;
 * @return string The searchbar
 */
 private static function getSearchbar() {
- $query = filter_input(INPUT_GET, 'q');
+ $query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_SPECIAL_CHARS);
 return <<