Observe
- Try a search in the search form. Notice that on every search the response contains the search criteria, and that it is not sanitized. For example, if we search using `<img src=1 onerror=alert(1)>`, it is reflected unsanitized, but the script is not executed.
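The observation above (the search term comes back in the response without output encoding) can be checked mechanically. The following is an added example, not code from the original write-up; the function name `classify_reflection` and the sample response bodies are constructed for illustration.

```python
import html


def classify_reflection(term: str, body: str) -> str:
    """Classify how a search term is reflected in a response body.

    Returns one of:
      "unescaped" - the term appears verbatim, markup intact (output encoding missing)
      "escaped"   - only the HTML-encoded form appears (output encoding applied)
      "absent"    - the term is not reflected at all

    The probe must contain characters that HTML encoding would change,
    otherwise "unescaped" and "escaped" cannot be told apart.
    """
    encoded = html.escape(term, quote=True)
    if encoded == term:
        raise ValueError("probe contains no characters that HTML encoding changes")
    if term in body:
        # Reflected as raw markup. Whether a browser actually runs it depends on
        # the surrounding context and browser-side protections, but the server
        # is still missing output encoding, which is the defect to fix.
        return "unescaped"
    if encoded in body:
        return "escaped"
    return "absent"


# Constructed sample responses (not captured from any real site).
PROBE = "<img src=1 onerror=alert(1)>"
UNSAFE_PAGE = f"<h1>0 search results for '{PROBE}'</h1>"
SAFE_PAGE = f"<h1>0 search results for '{html.escape(PROBE, quote=True)}'</h1>"
NO_REFLECT_PAGE = "<h1>0 search results</h1>"

if __name__ == "__main__":
    for name, page in [("unsafe", UNSAFE_PAGE), ("safe", SAFE_PAGE), ("none", NO_REFLECT_PAGE)]:
        print(f"{name}: {classify_reflection(PROBE, page)}")
```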