From 38779d25760a18492e15ed64e192ac1bfd1fd103 Mon Sep 17 00:00:00 2001
From: rlx <rlx@rolux.org>
Date: Sun, 10 Jan 2016 15:17:41 +0530
Subject: [PATCH] fix another xss vuln

---
 static/js/importExportDialog.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/static/js/importExportDialog.js b/static/js/importExportDialog.js
index 9246b57..6d2fe86 100644
--- a/static/js/importExportDialog.js
+++ b/static/js/importExportDialog.js
@@ -122,7 +122,10 @@ oml.ui.importExportDialog = function(selected) {
             lists.length ? [{}] : []
         ).concat(
             lists.map(function(list) {
-                return {id: list.name, title: list.name};
+                return {
+                    id: Ox.encodeHTMLEntities(list.name),
+                    title: Ox.encodeHTMLEntities(list.name)
+                };
             })
         ).concat(selected == 'import' ? [
             {},