$NetBSD: patch-an,v 1.2 2012/11/02 19:02:51 shattered Exp $

--- man/search.cgi.orig	2007-09-21 23:26:43.000000000 +0200
+++ man/search.cgi
@@ -255,7 +255,8 @@ if (@rv == 1 && !$in{'check'}) {
 	}
 
 # Display search results
-$for = join($in{'and'} ? " and " : " or ", map { "<tt>$_</tt>" } @for);
+$for = join($in{'and'} ? " and " : " or ", map { "<tt>" . &html_escape($_) .
+	"</tt>" } @for);
 &ui_print_header(&text('search_for', $for), $text{'search_title'}, "");
 if (@rv) {
 	#@rv = sort { $b->[4] <=> $a->[4] } @rv;