===================================================================
RCS file: /cvs/mandoc/cgi.c,v
retrieving revision 1.168
retrieving revision 1.170
diff -u -p -r1.168 -r1.170
--- mandoc/cgi.c	2019/10/01 17:54:14	1.168
+++ mandoc/cgi.c	2020/01/10 12:54:43	1.170
@@ -1,4 +1,4 @@
-/*	$Id: cgi.c,v 1.168 2019/10/01 17:54:14 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.170 2020/01/10 12:54:43 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014-2019 Ingo Schwarze <schwarze@usta.de>
@@ -340,6 +340,8 @@ resp_begin_http(int code, const char *msg)
 
 	printf("Content-Type: text/html; charset=utf-8\r\n"
 	     "Cache-Control: no-cache\r\n"
+	     "Content-Security-Policy: default-src 'none'; "
+	     "style-src 'self' 'unsafe-inline'\r\n"
 	     "Pragma: no-cache\r\n"
 	     "\r\n");
 
@@ -409,7 +411,7 @@ resp_searchform(const struct req *req, enum focus focu
 {
 	int		 i;
 
-	printf("<form action=\"/%s\" method=\"get\">\n"
+	printf("<form action=\"/%s\" method=\"get\" autocomplete=\"off\">\n"
 	       "  <fieldset>\n"
 	       "    <legend>Manual Page Search Parameters</legend>\n",
 	       scriptname);