d26a087dff59f4e4493e4ce2cf7d5b1ae145fdf3
galt
  Thu Aug 18 12:15:52 2016 -0700
adding back commits reverted earlier that got lost in the final merge. XSS fixes.

diff --git src/hg/lib/hgFind.c src/hg/lib/hgFind.c
index eb02b61..0d6273d 100644
--- src/hg/lib/hgFind.c
+++ src/hg/lib/hgFind.c
@@ -2501,31 +2501,31 @@
 int start = BIGNUM;
 int end = 0;
 
 termCount = chopByChar(cloneString(spec), ';', terms, ArraySize(terms));
 multiTerm = (termCount > 1);
 
 for (i = 0;  i < termCount;  i++)
     {
     trimSpaces(terms[i]);
     if (isEmpty(terms[i]))
 	continue;
     hgp = hgPositionsFind(db, terms[i], "", hgAppName, cart, multiTerm);
     if (hgp == NULL || hgp->posCount == 0)
 	{
 	hgPositionsFree(&hgp);
-	warn("Sorry, couldn't locate %s in genome database\n", htmlEncode(terms[i]));
+	warn("Sorry, couldn't locate %s in genome database\n", terms[i]);
 	if (multiTerm)
 	    hUserAbort("%s not uniquely determined -- "
 		     "can't do multi-position search.", terms[i]);
 	*retWinStart = 0;
 	return NULL;
 	}
     
     if ((hgp->singlePos != NULL) && (!showAlias || !hgp->useAlias))
 	{
 	if (chrom != NULL && !sameString(chrom, hgp->singlePos->chrom))
 	    hUserAbort("Sites occur on different chromosomes: %s, %s.",
 		     chrom, hgp->singlePos->chrom);
 	chrom = hgp->singlePos->chrom;
 	if (hgp->singlePos->chromStart < start)
 	    start = hgp->singlePos->chromStart;