From 928bd4fe1006d4319ab58bdadf42c07b37eb7249 Mon Sep 17 00:00:00 2001
From: Chris Morgan <me@chrismorgan.info>
Date: Tue, 28 Apr 2015 13:31:45 +1000
Subject: [PATCH] Fix #24872, XSS in docs not found page.

---
 src/doc/not_found.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/doc/not_found.md b/src/doc/not_found.md
index eae2bf1925a..e740bf3c223 100644
--- a/src/doc/not_found.md
+++ b/src/doc/not_found.md
@@ -57,8 +57,12 @@ function populate_rust_search() {
 
     // #18540, use a single token
 
+    var a = document.createElement("a");
+    a.href = "http://doc.rust-lang.org/core/?search=" + encodeURIComponent(lt);
+    a.textContent = lt;
     var search = document.getElementById('core-search');
-    search.innerHTML = "<a href=\"http://doc.rust-lang.org/core/?search=" + lt + "\">" + lt + "</a>";
+    search.innerHTML = "";
+    search.appendChild(a);
 }
 populate_site_search();
 populate_rust_search();