diff --git a/src/templates/index.html b/src/templates/index.html
index bc3d2fa..b16a1ed 100644
--- a/src/templates/index.html
+++ b/src/templates/index.html
@@ -1,5 +1,10 @@
{% extends 'base.html' %}
{% block content %}
+ {% if search_query %}
+
+
Results for {{ search_query }}
+
+ {% endif %}
{% if items %}
{% for item in items %}
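Review bot: The new heading reflects the user-supplied `search_query` into the page, so its safety rests entirely on Jinja autoescaping, which Flask turns on for `.html` templates by default; nothing in this hunk shows that setting or records the dependency. A template comment next to the expression would help, for example `{# search_query is user input: rely on autoescape, never add |safe here #}`. The surrounding markup is not visible in this view, so if the value is ever moved into an attribute, URL or script context it needs the encoding for that context rather than plain HTML escaping.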
diff --git a/src/views/indexview.py b/src/views/indexview.py
index 5160a9f..1cb57b9 100644
--- a/src/views/indexview.py
+++ b/src/views/indexview.py
@@ -1,9 +1,11 @@
#!/usr/bin/env python3
-from flask import render_template
+from flask import render_template, request
from flask_classful import FlaskView
from models import Item
+import bleach
+
"""
Index VIEW
"""
@@ -15,9 +17,16 @@ __version__text__ = "1"
class IndexView(FlaskView):
-
route_base = '/'
def index(self):
- items = Item.query.all()
- return render_template("index.html", items=items)
+ search_query = request.args.get('search')
+
+ if search_query:
+ search_query = bleach.clean(search_query, tags=[])
+ # https://stackoverflow.com/questions/31949733/is-a-sqlalchemy-query-vulnerable-to-injection-attacks/31949750#31949750
+ items = Item.query.filter(Item.name.ilike(f"%{search_query}%")).all()
+ else:
+ items = Item.query.all()
+
+ return render_template("index.html", items=items, search_query=search_query)
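Review bot: `bleach.clean(search_query, tags=[])` in `index()` HTML-escapes the term before it is used as the LIKE pattern, so a search for `a & b` queries the database for `a &amp; b`, and the heading then shows the entity escaped a second time if the template autoescapes (Flask's default for `.html`). HTML encoding belongs at output, not on input headed for the database. The query is parameterised by SQLAlchemy, as the linked answer says, but `%` and `_` typed by the user still act as wildcards inside `ilike`, and the term has no length cap, so one request can force a broad pattern scan. I would pass the raw term to the template, escape the LIKE metacharacters and give `ilike` an explicit `escape` character, as below.

```python
search_query = request.args.get('search')

if search_query:
    # SQLAlchemy binds the value; only LIKE metacharacters need escaping
    # so that user-typed % and _ match literally.
    like_term = (
        search_query.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )
    items = Item.query.filter(
        Item.name.ilike(f"%{like_term}%", escape="\\")
    ).all()
# … unchanged: else branch and render_template call …
```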