@kieran identified a DOM XSS vulnerability in the static site hosted at http://flight-manual.atom.io. We addressed the vulnerability by rendering search results using innerText instead of innerHTML.