From ebb83a75234d3de9be129464013e998dc929b68d Mon Sep 17 00:00:00 2001
From: Kim Shepherd <kim@shepherd.nz>
Date: Wed, 8 Apr 2020 12:55:36 +1200
Subject: [PATCH] [DS-4453] Fix XSS handling in JSPUI discovery spellcheck

---
 dspace-jspui/src/main/webapp/search/discovery.jsp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dspace-jspui/src/main/webapp/search/discovery.jsp b/dspace-jspui/src/main/webapp/search/discovery.jsp
index 6cfafd4f3c7d..ac51dbcb1405 100644
--- a/dspace-jspui/src/main/webapp/search/discovery.jsp
+++ b/dspace-jspui/src/main/webapp/search/discovery.jsp
@@ -209,7 +209,7 @@
         <input type="text" size="50" id="query" name="query" value="<%= (query==null ? "" : Utils.addEntities(query)) %>"/>
         <input type="submit" id="main-query-submit" class="btn btn-primary" value="<fmt:message key="jsp.general.go"/>" />
 <% if (StringUtils.isNotBlank(spellCheckQuery)) {%>
-	<p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= spellCheckQuery %></a></fmt:param></fmt:message></p>
+	<p class="lead"><fmt:message key="jsp.search.didyoumean"><fmt:param><a id="spellCheckQuery" data-spell="<%= Utils.addEntities(spellCheckQuery) %>" href="#"><%= Utils.addEntities(spellCheckQuery) %></a></fmt:param></fmt:message></p>
 <% } %>                  
         <input type="hidden" value="<%= rpp %>" name="rpp" />
         <input type="hidden" value="<%= Utils.addEntities(sortedBy) %>" name="sort_by" />