#3050 XSS in Reports names

WebContent/WEB-INF/jsp/reports.jsp

@@ -41,7 +41,7 @@
             
             for (var i=0; i<response.data.reports.length; i++) {
                 appendReport(response.data.reports[i].id);
-                updateReport(response.data.reports[i].id, escapeHtml(response.data.reports[i].name));
+                updateReport(response.data.reports[i].id, response.data.reports[i].name);
             }
             
             <c:if test="${!empty param.wlid}">
@@ -301,8 +301,7 @@
     
     function saveReport() {
         startImageFader("saveImg");
-        let name = escapeHtml($get("name"));
-        ReportsDwr.saveReport(selectedReport.id, name, reportPointsContext.convertToSave(), $get("includeEvents"),
+        ReportsDwr.saveReport(selectedReport.id, $get("name"), reportPointsContext.convertToSave(), $get("includeEvents"),
                 $get("includeUserComments"), $get("dateRangeType"), $get("relativeType"), $get("prevPeriodCount"),
                 $get("prevPeriodType"), $get("pastPeriodCount"), $get("pastPeriodType"), $get("fromNone"),
                 $get("fromYear"), $get("fromMonth"), $get("fromDay"), $get("fromHour"), $get("fromMinute"),
@@ -326,7 +325,7 @@
                 }
                 else
                     showMessage("userMessage", "<spring:message code="reports.reportSaved"/>");
-                updateReport(selectedReport.id, name);
+                updateReport(selectedReport.id, $get("name"));
             }
         });
         startImageFader("saveImg");
@@ -337,7 +336,8 @@
     }
     
     function updateReport(id, name) {
-        $("r"+ id +"Name").innerHTML = name;
+        let escapedName = escapeHtml(name);
+        $("r"+ id +"Name").innerHTML = escapedName;
     }
     
     function clearMessages() {