Search queries are now escaped.
Has this fix been pushed live? I just tested it and the issue is still present. When I enter the search of: <hr>firefox the response listed within the twitter bubble message should literally say: <hr>firefox Currently the entered html is being evaluated and I see a line and then the word firefox. The solution is to output encode the value entered by the user. So the actual html would be this: <hr>firefox and the user would see <hr>firefox on the webpage.
Hello, we've deployed the latest version, everything should be fixed now.
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.