diff --git a/static/js/pandora/importAnnotations.js b/static/js/pandora/importAnnotations.js
index a1563901..2c2f6be8 100644
--- a/static/js/pandora/importAnnotations.js
+++ b/static/js/pandora/importAnnotations.js
@@ -60,7 +60,7 @@ pandora.ui.importAnnotations = function(data) {
function addAnnotation() {
if(srt.length>0) {
var data = srt.shift();
- data.text = Ox.parseHTML(data.text)
+ data.text = Ox.sanitizeHTML(data.text)
.replace(/
\n/g, '\n')
.replace(/\n\n/g, '
\n')
.replace(/\n/g, '
\n');
diff --git a/static/js/pandora/info.js b/static/js/pandora/info.js
index 13fec6b1..90132738 100644
--- a/static/js/pandora/info.js
+++ b/static/js/pandora/info.js
@@ -172,10 +172,14 @@ pandora.ui.listInfo = function() {
$title = Ox.Editable({
editable: editable,
format: function(value) {
- return Ox.encodeHTML(Ox.decodeHTML(
- item.status == 'featured' || editable
- ? value
- : item.user + ': ' + value))
+ // FIXME: document what we're trying to do here!
+ return Ox.encodeHTMLEntities(
+ Ox.decodeHTMLEntities(
+ item.status == 'featured' || editable
+ ? value
+ : item.user + ': ' + value
+ )
+ )
},
tooltip: editable ? 'Doubleclick to edit title' : '',
value: item.name,
@@ -189,7 +193,7 @@ pandora.ui.listInfo = function() {
});
},
submit: function(data) {
- data.value = Ox.decodeHTML(data.value);
+ data.value = Ox.decodeHTMLEntities(data.value);
if (data.value != item.name) {
pandora.api.editList({
id: list,