Index: branches/5.0.x/core/kernel/db/db_tag_processor.php =================================================================== diff -u -N -r12511 -r12707 --- branches/5.0.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 12511) +++ branches/5.0.x/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 12707) @@ -1,6 +1,6 @@ GetList($params); - return $this->Application->RecallVar($list->getPrefixSpecial().'_search_keyword'); + + return $this->Application->RecallVar($list->getPrefixSpecial() . '_search_keyword'); } /** @@ -731,7 +732,10 @@ { $field = $this->SelectParam($params, 'name,field'); - if( !$this->Application->IsAdmin() ) $params['no_special'] = 'no_special'; + if( !$this->Application->IsAdmin() ) { + // apply htmlspecialchars on all field values on Front-End + $params['no_special'] = 'no_special'; + } $object =& $this->getObject($params); @@ -770,6 +774,7 @@ } if (!array_key_exists('no_special', $params) || !$params['no_special']) { + // when no_special parameter NOT SET apply htmlspecialchars $value = htmlspecialchars($value); }
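Review bot: The comment added in the `-731,7 +732,10` hunk says htmlspecialchars is applied to all field values on Front-End, but the check visible in the `-770,6 +774,7` hunk runs `htmlspecialchars($value)` only when `no_special` is absent or falsy, so forcing `$params['no_special'] = 'no_special'` for non-admin requests skips that call. Unless the value is escaped in the lines between the two hunks (not shown) or before it reaches this tag, the comment states the opposite of what the flag does, and a maintainer relying on it could assume Front-End output is encoded here when it is not. I would reword it to state the actual effect and name where the escaping happens, for example `// Front-End: no_special is forced, so the htmlspecialchars() call below is skipped; values must already be escaped (confirm where)`. The enclosing method starts and ends outside both hunks.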
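Review bot: The `htmlspecialchars($value)` call that the `-770,6 +774,7` hunk documents relies on the default flags and charset, which before PHP 8.1 means `ENT_COMPAT`: single quotes are left unencoded, so a value placed inside a single-quoted attribute is not safely escaped. Since this commit is documenting the escaping behaviour, I would make the call explicit, `$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`, substituting the charset the site actually emits. The method body continues outside the hunk, so the output context of `$value` cannot be confirmed from here.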