Fix potential XSS in search

data/interfaces/default/search.html

@@ -28,15 +28,17 @@
 
 <%def name="javascriptIncludes()">
 <script>
+    var query_string = "${query.replace('"','\\"').replace('/','\\/') | n}";
+
     $('#search_button').removeClass('btn-inactive');
-    $('#query').val("${query.replace('"','\\"') | n}").css({ right: '0', width: '250px' }).addClass('active');
+    $('#query').val(query_string).css({ right: '0', width: '250px' }).addClass('active');
 
     $.ajax({
         url: 'get_search_results_children',
-        type: "GET",
+        type: "POST",
         async: true,
         data: {
-            query: "${query.replace('"','\\"') | n}",
+            query: query_string,
             limit: 30
         },
         complete: function (xhr, status) {

data/interfaces/default/update_metadata.html

@@ -188,7 +188,7 @@ DOCUMENTATION :: END
             },
             complete: function (xhr, status) {
                 $('#search-results-list').html(xhr.responseText);
-                $('#update_query_title').html(query_string)
+                $('#update_query_title').text(query_string)
             }
         });
     }

plexpy/pmsconnect.py

@@ -2544,7 +2544,7 @@ class PmsConnect(object):
                         metadata = self.get_metadata_details(rating_key=rating_key)
                         search_results_list[metadata['media_type']].append(metadata)
 
-        output = {'results_count': sum(len(s) for s in search_results_list.items()),
+        output = {'results_count': sum(len(s) for s in search_results_list.values()),
                   'results_list': search_results_list
                   }