SECURITY: fix XSS vulnerability. fixes dokuwiki#4512

The namespace selector in the advanced search tools did not correctly
escape the user provided namespace.

This issue was reported by Mario Tesoro.

Author: splitbrain

inc/Ui/Search.php

@@ -302,7 +302,7 @@ protected function addNamespaceSelector(Form $searchForm)
         $currentWrapper = $searchForm->addTagOpen('div')->addClass('current');
         if ($baseNS) {
             $currentWrapper->addClass('changed');
-            $searchForm->addHTML('@' . $baseNS);
+            $searchForm->addHTML('@' . hsc($baseNS));
         } else {
             $searchForm->addHTML($lang['search_any_ns']);
         }
@@ -323,7 +323,7 @@ protected function addNamespaceSelector(Form $searchForm)
 
         foreach ($extraNS as $ns => $count) {
             $listItem = $searchForm->addTagOpen('li');
-            $label = $ns . ($count ? " <bdi>($count)</bdi>" : '');
+            $label = hsc($ns) . ($count ? " <bdi>($count)</bdi>" : '');
 
             if ($ns === $baseNS) {
                 $listItem->addClass('active');