# -*- coding: UTF-8 -*-
"""set GoogleAjaxSearch on wiki page"""
from trac.util import escape

def execute(hdf, txt, env):
    # then, as `txt` comes from the user, it's important to guard against
    # the possibility to inject malicious HTML/Javascript, by using `escape()`:
    rtargs = '''<link href="http://www.google.com/uds/css/gsearch.css" type="text/css" rel="stylesheet"/>
                <script src="http://www.google.com/uds/api?file=uds.js&amp;v=1.0&amp;key=''' + txt + '''" type="text/javascript"></script>
                <script language="Javascript" type="text/javascript">
                //<![CDATA[
                    function OnLoad() {
                    var searchControl = new GSearchControl();
                    searchControl.addSearcher(new GwebSearch());
                    searchControl.addSearcher(new GblogSearch());
                    searchControl.draw(document.getElementById("searchcontrol"));
                    }
                    GSearch.setOnLoadCallback(OnLoad);
                //]]>
                </script>
                <div id="searchcontrol"></div>\r\n'''
    return rtargs