cross siite scripting in the blog

@cyberboy reported the following issue: > Well your domain http://blog.ok.ru/ gets redirected to http://insideok.ru which seems to be your domain as well . I confirmed that by making a whois check up. > The search parameter has a reflected cross site scripting vulnerability in it > The direct URL of the bug is as below > http://insideok.ru/search/dev?q=<svg onload=prompt(0)>