Ensure that HTML can't be executed when entered on the "Search History" or "Search downloads" pages.

BUG= http://crbug.com/17892
TEST= Open history / downloads page. Search for "<h1>HI</h1>".  Note that the HTML is not interpreted, but displayed as text.

Review URL: http://codereview.chromium.org/201129

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26357 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 2 insertions, 2 deletions

diff --git a/chrome/browser/resources/downloads.html b/chrome/browser/resources/downloads.html
index 2765c1e..e5a4187 100644
--- a/chrome/browser/resources/downloads.html
+++ b/chrome/browser/resources/downloads.html
@@ -260,7 +260,7 @@ Downloads.prototype.setSearchText = function(searchText) {
  */
 Downloads.prototype.updateSummary = function() {
   if (this.searchText_) {
-    this.summary_.innerHTML = localStrings.formatString(
+    this.summary_.textContent = localStrings.formatString(
         'searchresultsfor', this.searchText_);
   } else {
     this.summary_.innerHTML = localStrings.getString('downloads');
diff --git a/chrome/browser/resources/history.html b/chrome/browser/resources/history.html
index fbc4122..ec36837 100644
--- a/chrome/browser/resources/history.html
+++ b/chrome/browser/resources/history.html
@@ -527,7 +527,7 @@ HistoryView.prototype.displayResults_ = function() {
 HistoryView.prototype.displaySummaryBar_ = function() {
   var searchText = this.model_.getSearchText();
   if (searchText != '') {
-    this.summaryDiv_.innerHTML = localStrings.formatString('searchresultsfor',
+    this.summaryDiv_.textContent = localStrings.formatString('searchresultsfor',
         searchText);
   } else {
     this.summaryDiv_.innerHTML = localStrings.getString('history');