Hi,

First, thank you for this module.
Be careful about XSS (Cross-Site Scripting).
You can try a search with:

search/%3Cscript%3E%20window.alert%28%22execution%20de%20javascript%22%29%20%3C/script%3E

and see what you get...

I corrected this by just adding the filter_xss() method in the module.

Sorry for my English.

Comments

larskleiner

Thanks for spotting this (potential) vulnerability. It's probably better to follow this procedure: http://drupal.org/node/101494

ultimateboy

Status: Active » Closed (cannot reproduce)

I cannot replicate this. If you can, please follow the procedure linked in #1 to report. Thanks.