lib/resque/scheduler/server/views/search_form.erb in resque-scheduler-4.4.0 vs lib/resque/scheduler/server/views/search_form.erb in resque-scheduler-4.5.0
- old
+ new
@@ -1,6 +1,6 @@
<form method="POST" action="<%= u 'delayed/search' %>">
- <input type='input' name='search' value="<%= params[:search] %>"/>
+ <input type='input' name='search' value="<%= h params[:search] %>"/>
<input type='submit' value='Search'/>
</form>