Escape result html after bolding search terms

Fixes #518
2021-11-01 15:34:59 -06:00 · 2021-11-01 15:34:59 -06:00 · 7fe066b4ea
parent c2ced23073
commit 7fe066b4ea
2 changed files with 5 additions and 4 deletions
--- a/app/routes.py
+++ b/app/routes.py
@ -275,7 +275,7 @@ def search():
        is_translation=any(
            _ in query.lower() for _ in [translation['translate'], 'translate']
        ) and not search_util.search_type,  # Standard search queries only
-        response=html.unescape(str(response)),
+        response=response,
        version_number=app.config['VERSION_NUMBER'],
        search_header=(render_template(
            'header.html',
--- a/app/utils/results.py
+++ b/app/utils/results.py
@ -1,4 +1,5 @@
 from bs4 import BeautifulSoup, NavigableString
+import html
 import os
 import urllib.parse as urlparse
 from urllib.parse import parse_qs
@ -56,11 +57,11 @@ def bold_search_terms(response: str, query: str) -> BeautifulSoup:
                element.parent and element.parent.name == 'style'):
            return

-        element.replace_with(
+        element.replace_with(BeautifulSoup(
            re.sub(fr'\b((?![{{}}<>-]){target_word}(?![{{}}<>-]))\b',
                   r'<b>\1</b>',
-                   element,
-                   flags=re.I)
+                   html.escape(element),
+                   flags=re.I), 'html.parser')
        )

    # Split all words out of query, grouping the ones wrapped in quotes