diff --git a/src/theme/searcher/searcher.js b/src/theme/searcher/searcher.js
index e1cc806b..acf3d50c 100644
--- a/src/theme/searcher/searcher.js
+++ b/src/theme/searcher/searcher.js
@@ -145,6 +145,11 @@ window.search = window.search || {};
url.push("");
}
+ // encodeURIComponent escapes all chars that could allow an XSS except
+ // for '. Due to that we also manually replace ' with its url-encoded
+ // representation (%27).
+ var searchterms = encodeURIComponent(searchterms.join(" ")).replace(/\'/g, "%27");
+
return '' + result.doc.breadcrumbs + ''
+ ''