diff --git a/.idea/dataSources/a2c75661-f9e2-478f-a69f-6a9409e69997.xml b/.idea/dataSources/a2c75661-f9e2-478f-a69f-6a9409e69997.xml
index ae7ed066d..2f8739baa 100644
--- a/.idea/dataSources/a2c75661-f9e2-478f-a69f-6a9409e69997.xml
+++ b/.idea/dataSources/a2c75661-f9e2-478f-a69f-6a9409e69997.xml
@@ -345,321 +345,333 @@ parentNoteId</ColNames>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;&quot;</DefaultExpression>
     </column>
-    <index id="82" parent="11" name="sqlite_autoindex_note_contents_1">
+    <column id="82" parent="11" name="dateCreated">
+      <Position>6</Position>
+      <DataType>TEXT|0s</DataType>
+      <NotNull>1</NotNull>
+      <DefaultExpression>&apos;2018-05-08T23:41:15.225Z&apos;</DefaultExpression>
+    </column>
+    <column id="83" parent="11" name="dateModified">
+      <Position>7</Position>
+      <DataType>TEXT|0s</DataType>
+      <NotNull>1</NotNull>
+      <DefaultExpression>&apos;2018-05-08T23:41:15.225Z&apos;</DefaultExpression>
+    </column>
+    <index id="84" parent="11" name="sqlite_autoindex_note_contents_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>noteContentId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <index id="83" parent="11" name="IDX_note_contents_noteId">
+    <index id="85" parent="11" name="IDX_note_contents_noteId">
       <ColNames>noteId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <key id="84" parent="11">
+    <key id="86" parent="11">
       <ColNames>noteContentId</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_note_contents_1</UnderlyingIndexName>
     </key>
-    <column id="85" parent="12" name="noteRevisionId">
+    <column id="87" parent="12" name="noteRevisionId">
       <Position>1</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="86" parent="12" name="noteId">
+    <column id="88" parent="12" name="noteId">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="87" parent="12" name="title">
+    <column id="89" parent="12" name="title">
       <Position>3</Position>
       <DataType>TEXT|0s</DataType>
     </column>
-    <column id="88" parent="12" name="content">
+    <column id="90" parent="12" name="content">
       <Position>4</Position>
       <DataType>TEXT|0s</DataType>
     </column>
-    <column id="89" parent="12" name="isProtected">
+    <column id="91" parent="12" name="isProtected">
       <Position>5</Position>
       <DataType>INT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>0</DefaultExpression>
     </column>
-    <column id="90" parent="12" name="dateModifiedFrom">
+    <column id="92" parent="12" name="dateModifiedFrom">
       <Position>6</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="91" parent="12" name="dateModifiedTo">
+    <column id="93" parent="12" name="dateModifiedTo">
       <Position>7</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="92" parent="12" name="type">
+    <column id="94" parent="12" name="type">
       <Position>8</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&apos;&apos;</DefaultExpression>
     </column>
-    <column id="93" parent="12" name="mime">
+    <column id="95" parent="12" name="mime">
       <Position>9</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&apos;&apos;</DefaultExpression>
     </column>
-    <column id="94" parent="12" name="hash">
+    <column id="96" parent="12" name="hash">
       <Position>10</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;&quot;</DefaultExpression>
     </column>
-    <index id="95" parent="12" name="sqlite_autoindex_note_revisions_1">
+    <index id="97" parent="12" name="sqlite_autoindex_note_revisions_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>noteRevisionId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <index id="96" parent="12" name="IDX_note_revisions_noteId">
+    <index id="98" parent="12" name="IDX_note_revisions_noteId">
       <ColNames>noteId</ColNames>
       <ColumnCollations></ColumnCollations>
     </index>
-    <index id="97" parent="12" name="IDX_note_revisions_dateModifiedFrom">
+    <index id="99" parent="12" name="IDX_note_revisions_dateModifiedFrom">
       <ColNames>dateModifiedFrom</ColNames>
       <ColumnCollations></ColumnCollations>
     </index>
-    <index id="98" parent="12" name="IDX_note_revisions_dateModifiedTo">
+    <index id="100" parent="12" name="IDX_note_revisions_dateModifiedTo">
       <ColNames>dateModifiedTo</ColNames>
       <ColumnCollations></ColumnCollations>
     </index>
-    <key id="99" parent="12">
+    <key id="101" parent="12">
       <ColNames>noteRevisionId</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_note_revisions_1</UnderlyingIndexName>
     </key>
-    <column id="100" parent="13" name="noteId">
+    <column id="102" parent="13" name="noteId">
       <Position>1</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="101" parent="13" name="title">
+    <column id="103" parent="13" name="title">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;note&quot;</DefaultExpression>
     </column>
-    <column id="102" parent="13" name="isProtected">
+    <column id="104" parent="13" name="isProtected">
       <Position>3</Position>
       <DataType>INT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>0</DefaultExpression>
     </column>
-    <column id="103" parent="13" name="type">
+    <column id="105" parent="13" name="type">
       <Position>4</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&apos;text&apos;</DefaultExpression>
     </column>
-    <column id="104" parent="13" name="mime">
+    <column id="106" parent="13" name="mime">
       <Position>5</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&apos;text/html&apos;</DefaultExpression>
     </column>
-    <column id="105" parent="13" name="hash">
+    <column id="107" parent="13" name="hash">
       <Position>6</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;&quot;</DefaultExpression>
     </column>
-    <column id="106" parent="13" name="isDeleted">
+    <column id="108" parent="13" name="isDeleted">
       <Position>7</Position>
       <DataType>INT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>0</DefaultExpression>
     </column>
-    <column id="107" parent="13" name="dateCreated">
+    <column id="109" parent="13" name="dateCreated">
       <Position>8</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="108" parent="13" name="dateModified">
+    <column id="110" parent="13" name="dateModified">
       <Position>9</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <index id="109" parent="13" name="sqlite_autoindex_notes_1">
+    <index id="111" parent="13" name="sqlite_autoindex_notes_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>noteId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <key id="110" parent="13">
+    <key id="112" parent="13">
       <ColNames>noteId</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_notes_1</UnderlyingIndexName>
     </key>
-    <column id="111" parent="14" name="name">
+    <column id="113" parent="14" name="name">
       <Position>1</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="112" parent="14" name="value">
+    <column id="114" parent="14" name="value">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
     </column>
-    <column id="113" parent="14" name="dateModified">
+    <column id="115" parent="14" name="dateModified">
       <Position>3</Position>
       <DataType>INT|0s</DataType>
     </column>
-    <column id="114" parent="14" name="isSynced">
+    <column id="116" parent="14" name="isSynced">
       <Position>4</Position>
       <DataType>INTEGER|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>0</DefaultExpression>
     </column>
-    <column id="115" parent="14" name="hash">
+    <column id="117" parent="14" name="hash">
       <Position>5</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;&quot;</DefaultExpression>
     </column>
-    <column id="116" parent="14" name="dateCreated">
+    <column id="118" parent="14" name="dateCreated">
       <Position>6</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&apos;1970-01-01T00:00:00.000Z&apos;</DefaultExpression>
     </column>
-    <index id="117" parent="14" name="sqlite_autoindex_options_1">
+    <index id="119" parent="14" name="sqlite_autoindex_options_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>name</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <key id="118" parent="14">
+    <key id="120" parent="14">
       <ColNames>name</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_options_1</UnderlyingIndexName>
     </key>
-    <column id="119" parent="15" name="branchId">
+    <column id="121" parent="15" name="branchId">
       <Position>1</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="120" parent="15" name="notePath">
+    <column id="122" parent="15" name="notePath">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="121" parent="15" name="hash">
+    <column id="123" parent="15" name="hash">
       <Position>3</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
       <DefaultExpression>&quot;&quot;</DefaultExpression>
     </column>
-    <column id="122" parent="15" name="dateCreated">
+    <column id="124" parent="15" name="dateCreated">
       <Position>4</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="123" parent="15" name="isDeleted">
+    <column id="125" parent="15" name="isDeleted">
       <Position>5</Position>
       <DataType>INT|0s</DataType>
     </column>
-    <index id="124" parent="15" name="sqlite_autoindex_recent_notes_1">
+    <index id="126" parent="15" name="sqlite_autoindex_recent_notes_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>branchId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <key id="125" parent="15">
+    <key id="127" parent="15">
       <ColNames>branchId</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_recent_notes_1</UnderlyingIndexName>
     </key>
-    <column id="126" parent="16" name="sourceId">
+    <column id="128" parent="16" name="sourceId">
       <Position>1</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="127" parent="16" name="dateCreated">
+    <column id="129" parent="16" name="dateCreated">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <index id="128" parent="16" name="sqlite_autoindex_source_ids_1">
+    <index id="130" parent="16" name="sqlite_autoindex_source_ids_1">
       <NameSurrogate>1</NameSurrogate>
       <ColNames>sourceId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <key id="129" parent="16">
+    <key id="131" parent="16">
       <ColNames>sourceId</ColNames>
       <Primary>1</Primary>
       <UnderlyingIndexName>sqlite_autoindex_source_ids_1</UnderlyingIndexName>
     </key>
-    <column id="130" parent="17" name="type">
+    <column id="132" parent="17" name="type">
       <Position>1</Position>
       <DataType>text|0s</DataType>
     </column>
-    <column id="131" parent="17" name="name">
+    <column id="133" parent="17" name="name">
       <Position>2</Position>
       <DataType>text|0s</DataType>
     </column>
-    <column id="132" parent="17" name="tbl_name">
+    <column id="134" parent="17" name="tbl_name">
       <Position>3</Position>
       <DataType>text|0s</DataType>
     </column>
-    <column id="133" parent="17" name="rootpage">
+    <column id="135" parent="17" name="rootpage">
       <Position>4</Position>
       <DataType>integer|0s</DataType>
     </column>
-    <column id="134" parent="17" name="sql">
+    <column id="136" parent="17" name="sql">
       <Position>5</Position>
       <DataType>text|0s</DataType>
     </column>
-    <column id="135" parent="18" name="name">
+    <column id="137" parent="18" name="name">
       <Position>1</Position>
     </column>
-    <column id="136" parent="18" name="seq">
+    <column id="138" parent="18" name="seq">
       <Position>2</Position>
     </column>
-    <column id="137" parent="19" name="id">
+    <column id="139" parent="19" name="id">
       <Position>1</Position>
       <DataType>INTEGER|0s</DataType>
       <NotNull>1</NotNull>
       <SequenceIdentity>1</SequenceIdentity>
     </column>
-    <column id="138" parent="19" name="entityName">
+    <column id="140" parent="19" name="entityName">
       <Position>2</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="139" parent="19" name="entityId">
+    <column id="141" parent="19" name="entityId">
       <Position>3</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="140" parent="19" name="sourceId">
+    <column id="142" parent="19" name="sourceId">
       <Position>4</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <column id="141" parent="19" name="syncDate">
+    <column id="143" parent="19" name="syncDate">
       <Position>5</Position>
       <DataType>TEXT|0s</DataType>
       <NotNull>1</NotNull>
     </column>
-    <index id="142" parent="19" name="IDX_sync_entityName_entityId">
+    <index id="144" parent="19" name="IDX_sync_entityName_entityId">
       <ColNames>entityName
 entityId</ColNames>
       <ColumnCollations></ColumnCollations>
       <Unique>1</Unique>
     </index>
-    <index id="143" parent="19" name="IDX_sync_syncDate">
+    <index id="145" parent="19" name="IDX_sync_syncDate">
       <ColNames>syncDate</ColNames>
       <ColumnCollations></ColumnCollations>
     </index>
-    <key id="144" parent="19">
+    <key id="146" parent="19">
       <ColNames>id</ColNames>
       <Primary>1</Primary>
     </key>
diff --git a/src/entities/note.js b/src/entities/note.js
index 7d936ef22..23f7977f7 100644
--- a/src/entities/note.js
+++ b/src/entities/note.js
@@ -132,7 +132,7 @@ class Note extends Entity {
 
     /** @returns {boolean} true if the note has string content (not binary) */
     isStringNote() {
-        return ["text", "code", "relation-map"].includes(this.type) || this.mime.startsWith('text/');
+        return ["text", "code", "relation-map", "search"].includes(this.type) || this.mime.startsWith('text/');
     }
 
     /** @returns {string} JS script environment - either "frontend" or "backend" */
diff --git a/src/public/javascripts/services/note_detail_search.js b/src/public/javascripts/services/note_detail_search.js
index d340005cd..ef7466664 100644
--- a/src/public/javascripts/services/note_detail_search.js
+++ b/src/public/javascripts/services/note_detail_search.js
@@ -6,15 +6,11 @@ const $searchString = $("#search-string");
 const $component = $('#note-detail-search');
 const $refreshButton = $('#note-detail-search-refresh-results-button');
 
-function getContent() {
-    return JSON.stringify({
-        searchString: $searchString.val()
-    });
-}
-
 function show() {
     $component.show();
 
+    console.log(noteDetailService.getCurrentNote());
+
     try {
         const json = JSON.parse(noteDetailService.getCurrentNote().noteContent.content);
 
@@ -28,6 +24,12 @@ function show() {
     $searchString.on('input', noteDetailService.noteChanged);
 }
 
+function getContent() {
+    return JSON.stringify({
+        searchString: $searchString.val()
+    });
+}
+
 $refreshButton.click(async () => {
     await noteDetailService.saveNoteIfChanged();
 
diff --git a/src/public/javascripts/services/tree_builder.js b/src/public/javascripts/services/tree_builder.js
index a1a522be7..a7b196abf 100644
--- a/src/public/javascripts/services/tree_builder.js
+++ b/src/public/javascripts/services/tree_builder.js
@@ -126,7 +126,9 @@ async function prepareRealBranch(parentNote) {
 
 async function prepareSearchBranch(note) {
     const fullNote = await noteDetailService.loadNote(note.noteId);
-    const results = (await server.get('search/' + encodeURIComponent(fullNote.jsonContent.searchString)))
+    const json = JSON.parse(fullNote.noteContent.content);
+
+    const results = (await server.get('search/' + encodeURIComponent(json.searchString)))
         .filter(res => res.noteId !== note.noteId); // this is necessary because title of the search note is often the same as the search text which would match and create circle
 
     // force to load all the notes at once instead of one by one
diff --git a/src/routes/api/search.js b/src/routes/api/search.js
index 7e536691d..2499b4254 100644
--- a/src/routes/api/search.js
+++ b/src/routes/api/search.js
@@ -1,6 +1,7 @@
 "use strict";
 
 const sql = require('../../services/sql');
+const utils = require('../../services/utils');
 const noteService = require('../../services/notes');
 const noteCacheService = require('../../services/note_cache');
 const parseFilters = require('../../services/parse_filters');
@@ -55,15 +56,18 @@ async function getFullTextResults(searchText) {
     const tokenSql = ["1=1"];
 
     for (const token of tokens) {
-        // FIXME: escape token!
-        tokenSql.push(`(title LIKE '%${token}%' OR content LIKE '%${token}%')`);
+        const safeToken = utils.sanitizeSql(token);
+
+        tokenSql.push(`(title LIKE '%${safeToken}%' OR content LIKE '%${safeToken}%')`);
     }
 
     const noteIds = await sql.getColumn(`
       SELECT DISTINCT noteId 
-      FROM notes 
+      FROM 
+        notes
+        JOIN note_contents USING(noteId)
       WHERE isDeleted = 0 
-        AND isProtected = 0
+        AND notes.isProtected = 0
         AND type IN ('text', 'code')
         AND ${tokenSql.join(' AND ')}`);