From f7db6ba2956ac7916b507dedcaa9269f061a9912 Mon Sep 17 00:00:00 2001
From: lolcat <will@lolcat.ca>
Date: Tue, 8 Jul 2025 23:10:13 -0400
Subject: [PATCH] fix potential xss woops

---
 src/web.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/web.php b/src/web.php
index 729fc1a..97316af 100644
--- a/src/web.php
+++ b/src/web.php
@@ -84,7 +84,7 @@ if($results["spelling"]["type"] != "no_correction"){
 			'&' .
 			$frontend->buildquery($get, true) .
 			'&spellcheck=no">' .
-			$results["spelling"]["correction"] .
+			htmlspecialchars($results["spelling"]["correction"]) .
 			'</a>?' .
 		'</div>';
 }