Web - Client

Wednesday 9 August 2017, 21:06  #1
CSRF - token bypass - Is the xss useful for something?
none
  • 2 posts

I’ve already solved this one like everyone else in the solutions section. But I’ve noticed this ’search’ action commented and, of course, its vulnerability to XSS. It’s not necessary to use it to get the flag, but why is it there then? I guess we can get the flag with it too; we should be able to do it, but I’ve tried and so far have got nothing. Has anyone done something with it? Could you shed some light?