Fix potential XSS in search

data/interfaces/default/search.html

@@ -28,15 +28,17 @@
 
 <%def name="javascriptIncludes()">
 <script>
+    var query_string = "${query.replace('"','\\"').replace('/','\\/') | n}";
+
     $('#search_button').removeClass('btn-inactive');
-    $('#query').val("${query.replace('"','\\"') | n}").css({ right: '0', width: '250px' }).addClass('active');
+    $('#query').val(query_string).css({ right: '0', width: '250px' }).addClass('active');
 
     $.ajax({
         url: 'get_search_results_children',
-        type: "GET",
+        type: "POST",
         async: true,
         data: {
-            query: "${query.replace('"','\\"') | n}",
+            query: query_string,
             limit: 30
         },
         complete: function (xhr, status) {