Query suggestions in /emse/suggestions are depicted as hrefs, but not escaped. E.g. if "&" is in the suggestion, the server will interpret is as a URL argument.
Log in to post a comment.
