Escape search query string

webapp/src/main/webapp/themes/iph/templates/search.ftl

@@ -8,7 +8,7 @@
 
         <form id="search-form" action="${urls.customsearch}" name="search" role="search" accept-charset="UTF-8" method="POST">
             <div id="search-field">
-                <input type="text" name="querytext" class="search-vivo" value="${querytext!}" autocapitalize="off" />
+                <input type="text" name="querytext" class="search-vivo" value="${querytext?html!}" autocapitalize="off" />
                 <input type="submit" value="${i18n().search_button}" class="search">
             </div>
         </form>