Merge pull request #13957 from madhuracj/xss

Escape search string and table names in database search results page

templates/database/search/results.twig

@@ -3,7 +3,7 @@
         {{ 'Search results for "<em>%s</em>" %s:'|format(
             criteria_search_string,
             search_type_description
-        )|raw }}
+        ) }}
     </caption>
     {% for row in rows %}
         <tr class="noclick">
@@ -15,7 +15,7 @@
                         %1$s matches in <strong>%2$s</strong>
                     {% endtrans %}
                 {% endset %}
-                {{ result_message|format(row.result_count, row.table)|raw }}
+                {{ result_message|format(row.result_count, row.table) }}
             </td>
             {% if row.result_count > 0 %}
                 {% set url_params = {