Search query gets rendered as HTML

- Gitea version (or commit ref): 1.4.0+rc1
- Operating system: Ubuntu Server 16.04
- Database (use `[x]`):
  - [ ] PostgreSQL
  - [ ] MySQL
  - [ ] MSSQL
  - [x] SQLite
- Can you reproduce the bug at https://try.gitea.io:
  - [ ] Yes (provide example URL)
  - [x] No, because repo indexer is disabled
  - [ ] Not relevant

## Description

When I enter a HTML tag into the repository search, the query gets rendered as HTML. But it is sort of escaped because only h1, b, i etc. are rendered but without parameters like onload.

## Screenshots
Search-Query: `<i>`

![screenshot-2018-2-10 frontend 1](https://user-images.githubusercontent.com/5757182/36063557-cd78eaa8-0e7e-11e8-880a-4c023ee8e277.png)

Search-Query: `<h1>`

![screenshot-2018-2-10 frontend](https://user-images.githubusercontent.com/5757182/36063558-d06a7ff6-0e7e-11e8-9865-72a3650176af.png)

Search-Query: `<b>Hello</b><h1>World</h1>`

![screenshot-2018-2-10 frontend 2](https://user-images.githubusercontent.com/5757182/36063586-1b794572-0e7f-11e8-924d-63e162bf7d59.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Search query gets rendered as HTML #3485

Description

Screenshots

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Search query gets rendered as HTML #3485

Description

Description

Screenshots

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions