@kawahara
Created November 22, 2010 13:18
diff --git a/lib/form/MemberApplicationSettingForm.class.php b/lib/form/MemberApplicationSettingForm.class.php
index 05478ee..1e33062 100644
--- a/lib/form/MemberApplicationSettingForm.class.php
+++ b/lib/form/MemberApplicationSettingForm.class.php
@@ -34,6 +34,8 @@ class MemberApplicationSettingForm extends sfForm
public function setConfigWidgets($memberId, $modId)
{
+ sfContext::getInstance()->getConfiguration()->loadHelpers(array('Escaping'));
+
$memberApp = MemberApplicationPeer::retrieveByPk($modId);
if (!$memberApp)
{
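Review bot: The added `sfContext::getInstance()` call couples this form to a live request and throws when no context exists (a symfony task, a unit test), so the form can no longer be built outside a web request. The helper is only loaded so that the function named by `sf_escaping_method` exists when `sfOutputEscaper::escape` runs later in this method; loading it through `sfProjectConfiguration::getActive()->loadHelpers(array('Escaping'))`, or escaping with `htmlspecialchars` directly so no helper is needed, avoids the dependency — which of these this symfony version supports should be confirmed. A comment such as `// load the esc_* helpers so the configured sf_escaping_method resolves when escaping gadget-supplied captions` would also explain why a form class loads a view helper. setConfigWidgets continues past the end of the hunk.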
@@ -57,7 +59,7 @@ class MemberApplicationSettingForm extends sfForm
$param = array();
$choices = array();
$param['IsRequired'] = false;
- $param['Caption'] = $setting['displayName'];
+ $param['Caption'] = sfOutputEscaper::escape(sfConfig::get('sf_escaping_method'), $setting['displayName']);
if (empty($setting['type']) || $setting['type'] == 'HIDDEN')
{
continue;
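Review bot: The escaping on the new Caption line is only as strong as `sf_escaping_method` in settings.yml: an application configured with `ESC_RAW`, or one that leaves the key unset, would pass the gadget-supplied displayName through unescaped, so the fix is a property of the deployment rather than of this code. Pinning the escaper, `$param['Caption'] = htmlspecialchars($setting['displayName'], ENT_QUOTES, 'UTF-8');`, keeps the caption safe regardless of configuration. Two things to confirm against code outside the hunk: whether the widget that renders Caption already HTML-escapes it (the result would then be double-encoded, e.g. `&amp;amp;`), and whether the other gadget-controlled strings in the same `$setting` entry, such as enum display values later placed in `$choices`, are escaped where they are rendered. The enclosing foreach and setConfigWidgets both run past the end of the hunk.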
diff --git a/web/js/container.js b/web/js/container.js
index 4bd2543..8b63433 100644
--- a/web/js/container.js
+++ b/web/js/container.js
@@ -43,7 +43,7 @@ Container.prototype = {
setTitle: function(title) {
var element = $(this.f+'_title');
if (element != undefined) {
- element.update(title.replace(/&/g, '&amp;').replace(/</g, '&lt;'));
+ element.update(gadgets.util.escapeString(title));
}
},
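Review bot: `element.update` on the new line is still an innerHTML sink, so the title coming from the gadget frame is safe only as long as every caller of this path remembers to escape; writing it as text removes the bug class entirely: `element.update(''); element.appendChild(document.createTextNode(title));`. `gadgets.util.escapeString` is a clear improvement over the hand-rolled replace, which left `>` and quotes untouched, but it now depends on Shindig's util feature being loaded into the container page before this script; if it is not, the call throws and the title simply never updates, which at least fails closed. The title arrives over gadgets.rpc from an untrusted iframe and need not be a string, so coercing with `String(title)` before escaping, or dropping non-string payloads, keeps a malformed message from throwing inside the rpc dispatcher. The hunk shows only setTitle; Container.prototype continues outside it.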
diff --git a/lib/form/ApplicationUserSettingForm.class.php b/lib/form/ApplicationUserSettingForm.class.php
index 43517c1..e74dce5 100644
--- a/lib/form/ApplicationUserSettingForm.class.php
+++ b/lib/form/ApplicationUserSettingForm.class.php
@@ -34,14 +34,16 @@ class ApplicationUserSettingForm extends sfForm
protected function setConfigWidget()
{
+ sfContext::getInstance()->getConfiguration()->loadHelpers(array('Escaping'));
+
$application = $this->memberApplication->getApplication();
$settings = $application->getSettings();
foreach ($settings as $key => $setting)
{
$param = array();
- $choices = array();
+ $choices = array();
$param['IsRequired'] = false;
- $param['Caption'] = $setting['displayName'];
+ $param['Caption'] = sfOutputEscaper::escape(sfConfig::get('sf_escaping_method'), $setting['displayName']);
if (empty($setting['datatype']) || $setting['datatype'] == 'HIDDEN')
{
continue;
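Review bot: The new Caption line delegates escaping to whatever `sf_escaping_method` is configured, so with `ESC_RAW` or an unset key the gadget-supplied displayName would still render unescaped; a fixed escaper, `$param['Caption'] = htmlspecialchars($setting['displayName'], ENT_QUOTES, 'UTF-8');`, does not depend on settings.yml. The `$choices = array();` line is removed and re-added without a visible change, which looks like a trailing-whitespace edit and is noise in a security patch. Worth confirming outside the hunk that the Caption renderer does not escape a second time, and that the other gadget-controlled strings of the same `$setting` (enum display values going into `$choices`, the default value) are escaped at their render point. setConfigWidget and its foreach continue past the hunk.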
diff --git a/web/js/container.js b/web/js/container.js
index ce2a9ce..7232afb 100644
--- a/web/js/container.js
+++ b/web/js/container.js
@@ -1,6 +1,6 @@
var Container=Class.create();Container.prototype={maxHeight:4096,initialize:function(web_prefix,api_prefix){gadgets.rpc.register('resize_iframe',this.setHeight);gadgets.rpc.register('set_pref',this.setUserPref);gadgets.rpc.register('set_title',this.setTitle);gadgets.rpc.register('requestNavigateTo',this.requestNavigateTo);gadgets.rpc.register('osapi._handleGadgetRpcMethod',this.handleGadgetRpcMethod);this.webPrefix=web_prefix;this.apiPrefix=api_prefix;},setHeight:function(height){if($(this.f)!=undefined){height+=28;if(height>gadgets.container.maxHeight){height=gadgets.container.maxHeight;}
Element.setStyle($(this.f),{'height':height+'px'});}},_parseIframeUrl:function(url){var ret=new Object();var hashParams=url.replace(/#.*$/,'').split('&');var param=key=val='';for(i=0;i<hashParams.length;i++){param=hashParams[i];key=param.substr(0,param.indexOf('='));val=param.substr(param.indexOf('=')+1);ret[key]=val;}
-return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(title.replace(/&/g,'&amp;').replace(/</g,'&lt;'));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
+return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(gadgets.util.escapeString(title));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
if(url&&document.location.href.indexOf(url)==-1){document.location.href=url;}}},handleGadgetRpcMethod:function(requests)
{}}
\ No newline at end of file
diff --git a/web/js/container.js.src b/web/js/container.js.src
index eadce0e..358c56d 100644
--- a/web/js/container.js.src
+++ b/web/js/container.js.src
@@ -48,7 +48,7 @@ Container.prototype = {
setTitle: function(title) {
var element = $(this.f+'_title');
if (element != undefined) {
- element.update(title.replace(/&/g, '&amp;').replace(/</g, '&lt;'));
+ element.update(gadgets.util.escapeString(title));
}
},
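Review bot: The new line still hands the gadget-supplied title to `element.update`, an innerHTML sink, so correctness rests on the escape call never being dropped by a later edit; inserting it as a text node, `element.update(''); element.appendChild(document.createTextNode(title));`, makes the sink itself safe. `gadgets.util.escapeString` covers the `>` and quote characters the old replace chain missed, but it requires Shindig's util feature to be loaded ahead of this file, and its behaviour on a non-string rpc payload is not visible here — `String(title)` before the call would settle that. setTitle is complete in the hunk; the rest of Container.prototype is outside it.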
diff --git a/lib/form/ApplicationUserSettingForm.class.php b/lib/form/ApplicationUserSettingForm.class.php
index 43517c1..e74dce5 100644
--- a/lib/form/ApplicationUserSettingForm.class.php
+++ b/lib/form/ApplicationUserSettingForm.class.php
@@ -34,14 +34,16 @@ class ApplicationUserSettingForm extends sfForm
protected function setConfigWidget()
{
+ sfContext::getInstance()->getConfiguration()->loadHelpers(array('Escaping'));
+
$application = $this->memberApplication->getApplication();
$settings = $application->getSettings();
foreach ($settings as $key => $setting)
{
$param = array();
- $choices = array();
+ $choices = array();
$param['IsRequired'] = false;
- $param['Caption'] = $setting['displayName'];
+ $param['Caption'] = sfOutputEscaper::escape(sfConfig::get('sf_escaping_method'), $setting['displayName']);
if (empty($setting['datatype']) || $setting['datatype'] == 'HIDDEN')
{
continue;
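Review bot: The new Caption line escapes with whatever `sf_escaping_method` resolves to, so a deployment using `ESC_RAW` would still emit the gadget-supplied displayName raw; `htmlspecialchars($setting['displayName'], ENT_QUOTES, 'UTF-8')` would not depend on configuration. The `$choices = array();` removal and re-addition shows no visible change and reads as whitespace noise. Whether the Caption renderer escapes again, and whether the other strings from the same `$setting` entry are escaped at their render point, has to be checked outside the hunk, since setConfigWidget continues past it.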
diff --git a/web/js/container.js b/web/js/container.js
index f8463f0..9bda355 100644
--- a/web/js/container.js
+++ b/web/js/container.js
@@ -1,6 +1,6 @@
var Container=Class.create();Container.prototype={maxHeight:4096,initialize:function(web_prefix,api_prefix,view,has_app){gadgets.rpc.register('resize_iframe',this.setHeight);gadgets.rpc.register('set_pref',this.setUserPref);gadgets.rpc.register('set_title',this.setTitle);gadgets.rpc.register('requestNavigateTo',this.requestNavigateTo);gadgets.rpc.register('osapi._handleGadgetRpcMethod',this.handleGadgetRpcMethod);gadgets.rpc.register('shindig.requestShareApp',this.requestShareApp);this.webPrefix=web_prefix;this.apiPrefix=api_prefix;this.view=view;this.hasApp=has_app;},setHeight:function(height){if($(this.f)!=undefined){height+=28;if(height>gadgets.container.maxHeight){height=gadgets.container.maxHeight;}
Element.setStyle($(this.f),{'height':height+'px'});}},_parseIframeUrl:function(url){var ret=new Object();var hashParams=url.replace(/#.*$/,'').split('&');var param=key=val='';for(i=0;i<hashParams.length;i++){param=hashParams[i];key=param.substr(0,param.indexOf('='));val=param.substr(param.indexOf('=')+1);ret[key]=val;}
-return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(title.replace(/&/g,'&amp;').replace(/</g,'&lt;'));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
+return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(gadgets.util.escapeString(title));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
if(url&&document.location.href.indexOf(url)==-1){document.location.href=url;}}},handleGadgetRpcMethod:function(requests){},requestShareApp:function(callbackId,recipientIds,body){var ret=this.f.match(/remote_iframe_(\d+)/);var f=this.f;if(ret){var mod_id=ret[1];if('canvas'==gadgets.container.view&&gadgets.container.hasApp){iframeModalBox.open(gadgets.container.webPrefix+'/application/invite/'+mod_id,function(data){var ids=[];var is_success=false;if(undefined!=data&&false!==data&&data){var ids=data;is_success=true;}
gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,is_success,'',ids);});}else{gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,false,'forbidden',[]);}}}}
\ No newline at end of file
diff --git a/web/js/container.js.src b/web/js/container.js.src
index 33036f3..71d969f 100644
--- a/web/js/container.js.src
+++ b/web/js/container.js.src
@@ -51,7 +51,7 @@ Container.prototype = {
setTitle: function(title) {
var element = $(this.f+'_title');
if (element != undefined) {
- element.update(title.replace(/&/g, '&amp;').replace(/</g, '&lt;'));
+ element.update(gadgets.util.escapeString(title));
}
},
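Review bot: The title is still written through `element.update`, an innerHTML sink, on the new line; `element.update(''); element.appendChild(document.createTextNode(title));` would make the write safe without relying on the escape call. `gadgets.util.escapeString` does close the `>` and quote gap of the old replace chain, but it presumes Shindig's util feature is loaded before this script and that the rpc payload is a string — `String(title)` before escaping removes the second assumption. Container.prototype continues outside the hunk.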
diff --git a/lib/form/ApplicationUserSettingForm.class.php b/lib/form/ApplicationUserSettingForm.class.php
index 43517c1..e74dce5 100644
--- a/lib/form/ApplicationUserSettingForm.class.php
+++ b/lib/form/ApplicationUserSettingForm.class.php
@@ -34,14 +34,16 @@ class ApplicationUserSettingForm extends sfForm
protected function setConfigWidget()
{
+ sfContext::getInstance()->getConfiguration()->loadHelpers(array('Escaping'));
+
$application = $this->memberApplication->getApplication();
$settings = $application->getSettings();
foreach ($settings as $key => $setting)
{
$param = array();
- $choices = array();
+ $choices = array();
$param['IsRequired'] = false;
- $param['Caption'] = $setting['displayName'];
+ $param['Caption'] = sfOutputEscaper::escape(sfConfig::get('sf_escaping_method'), $setting['displayName']);
if (empty($setting['datatype']) || $setting['datatype'] == 'HIDDEN')
{
continue;
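Review bot: The escaping on the new Caption line is only as strong as the configured `sf_escaping_method`; with `ESC_RAW` the gadget-supplied displayName would render unescaped, which `htmlspecialchars($setting['displayName'], ENT_QUOTES, 'UTF-8')` would avoid. The `$choices = array();` line is removed and re-added with no visible difference, so this part of the hunk is whitespace noise. Double-escaping by the Caption renderer, and escaping of the remaining gadget-controlled strings in `$setting`, need checking outside the hunk; setConfigWidget continues past it.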
diff --git a/web/js/container.js b/web/js/container.js
index f8463f0..9bda355 100644
--- a/web/js/container.js
+++ b/web/js/container.js
@@ -1,6 +1,6 @@
var Container=Class.create();Container.prototype={maxHeight:4096,initialize:function(web_prefix,api_prefix,view,has_app){gadgets.rpc.register('resize_iframe',this.setHeight);gadgets.rpc.register('set_pref',this.setUserPref);gadgets.rpc.register('set_title',this.setTitle);gadgets.rpc.register('requestNavigateTo',this.requestNavigateTo);gadgets.rpc.register('osapi._handleGadgetRpcMethod',this.handleGadgetRpcMethod);gadgets.rpc.register('shindig.requestShareApp',this.requestShareApp);this.webPrefix=web_prefix;this.apiPrefix=api_prefix;this.view=view;this.hasApp=has_app;},setHeight:function(height){if($(this.f)!=undefined){height+=28;if(height>gadgets.container.maxHeight){height=gadgets.container.maxHeight;}
Element.setStyle($(this.f),{'height':height+'px'});}},_parseIframeUrl:function(url){var ret=new Object();var hashParams=url.replace(/#.*$/,'').split('&');var param=key=val='';for(i=0;i<hashParams.length;i++){param=hashParams[i];key=param.substr(0,param.indexOf('='));val=param.substr(param.indexOf('=')+1);ret[key]=val;}
-return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(title.replace(/&/g,'&amp;').replace(/</g,'&lt;'));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
+return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(gadgets.util.escapeString(title));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
if(url&&document.location.href.indexOf(url)==-1){document.location.href=url;}}},handleGadgetRpcMethod:function(requests){},requestShareApp:function(callbackId,recipientIds,body){var ret=this.f.match(/remote_iframe_(\d+)/);var f=this.f;if(ret){var mod_id=ret[1];if('canvas'==gadgets.container.view&&gadgets.container.hasApp){iframeModalBox.open(gadgets.container.webPrefix+'/application/invite/'+mod_id,function(data){var ids=[];var is_success=false;if(undefined!=data&&false!==data&&data){var ids=data;is_success=true;}
gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,is_success,'',ids);});}else{gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,false,'forbidden',[]);}}}}
\ No newline at end of file
diff --git a/web/js/container.js.src b/web/js/container.js.src
index 33036f3..71d969f 100644
--- a/web/js/container.js.src
+++ b/web/js/container.js.src
@@ -51,7 +51,7 @@ Container.prototype = {
setTitle: function(title) {
var element = $(this.f+'_title');
if (element != undefined) {
- element.update(title.replace(/&/g, '&amp;').replace(/</g, '&lt;'));
+ element.update(gadgets.util.escapeString(title));
}
},
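Review bot: `element.update` on the new line remains an innerHTML sink for a string supplied by the gadget iframe over rpc; `element.update(''); element.appendChild(document.createTextNode(title));` would set it as text and not depend on the escaper. `gadgets.util.escapeString` is the right replacement for the partial replace chain, provided Shindig's util feature is loaded before this file; a `String(title)` coercion would also guard against a non-string payload. The rest of Container.prototype lies outside the hunk.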
diff --git a/lib/form/ApplicationUserSettingForm.class.php b/lib/form/ApplicationUserSettingForm.class.php
index 43517c1..e74dce5 100644
--- a/lib/form/ApplicationUserSettingForm.class.php
+++ b/lib/form/ApplicationUserSettingForm.class.php
@@ -34,14 +34,16 @@ class ApplicationUserSettingForm extends sfForm
protected function setConfigWidget()
{
+ sfContext::getInstance()->getConfiguration()->loadHelpers(array('Escaping'));
+
$application = $this->memberApplication->getApplication();
$settings = $application->getSettings();
foreach ($settings as $key => $setting)
{
$param = array();
- $choices = array();
+ $choices = array();
$param['IsRequired'] = false;
- $param['Caption'] = $setting['displayName'];
+ $param['Caption'] = sfOutputEscaper::escape(sfConfig::get('sf_escaping_method'), $setting['displayName']);
if (empty($setting['datatype']) || $setting['datatype'] == 'HIDDEN')
{
continue;
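Review bot: The new Caption line relies on `sf_escaping_method` being a real escaper; under `ESC_RAW` the gadget-supplied displayName would still pass through unescaped, so `htmlspecialchars($setting['displayName'], ENT_QUOTES, 'UTF-8')` is the safer pin. The `$choices = array();` remove-and-re-add shows no visible change and is noise. Whether the Caption renderer escapes a second time, and whether the other gadget-controlled strings of the same `$setting` are escaped where rendered, must be confirmed outside the hunk; setConfigWidget continues past it.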
diff --git a/web/js/container.js b/web/js/container.js
index f8463f0..9bda355 100644
--- a/web/js/container.js
+++ b/web/js/container.js
@@ -1,6 +1,6 @@
var Container=Class.create();Container.prototype={maxHeight:4096,initialize:function(web_prefix,api_prefix,view,has_app){gadgets.rpc.register('resize_iframe',this.setHeight);gadgets.rpc.register('set_pref',this.setUserPref);gadgets.rpc.register('set_title',this.setTitle);gadgets.rpc.register('requestNavigateTo',this.requestNavigateTo);gadgets.rpc.register('osapi._handleGadgetRpcMethod',this.handleGadgetRpcMethod);gadgets.rpc.register('shindig.requestShareApp',this.requestShareApp);this.webPrefix=web_prefix;this.apiPrefix=api_prefix;this.view=view;this.hasApp=has_app;},setHeight:function(height){if($(this.f)!=undefined){height+=28;if(height>gadgets.container.maxHeight){height=gadgets.container.maxHeight;}
Element.setStyle($(this.f),{'height':height+'px'});}},_parseIframeUrl:function(url){var ret=new Object();var hashParams=url.replace(/#.*$/,'').split('&');var param=key=val='';for(i=0;i<hashParams.length;i++){param=hashParams[i];key=param.substr(0,param.indexOf('='));val=param.substr(param.indexOf('=')+1);ret[key]=val;}
-return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(title.replace(/&/g,'&amp;').replace(/</g,'&lt;'));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
+return ret;},setUserPref:function(editToken,name,value){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container.apiPrefix+'/prefs/set';new Ajax.Request(url,{method:'get',parameters:{name:name,value:value,st:params.st}});}},setTitle:function(title){var element=$(this.f+'_title');if(element!=undefined){element.update(gadgets.util.escapeString(title));}},_getUrlForView:function(view,person,app,mod){if(view==='home'){return gadgets.container.webPrefix;}else if(view==='profile'){return gadgets.container.webPrefix+'/member/'+person;}else if(view==='canvas'){return gadgets.container.webPrefix+'/application/canvas/'+mod;}else{return null;}},requestNavigateTo:function(view,opt_params){if($(this.f)!=undefined){var params=gadgets.container._parseIframeUrl($(this.f).src);var url=gadgets.container._getUrlForView(view,params.owner,params.aid,params.mid);if(opt_params){var paramStr=Object.toJSON(opt_params);if(paramStr.length>0){url+='?appParams='+encodeURIComponent(paramStr);}}
if(url&&document.location.href.indexOf(url)==-1){document.location.href=url;}}},handleGadgetRpcMethod:function(requests){},requestShareApp:function(callbackId,recipientIds,body){var ret=this.f.match(/remote_iframe_(\d+)/);var f=this.f;if(ret){var mod_id=ret[1];if('canvas'==gadgets.container.view&&gadgets.container.hasApp){iframeModalBox.open(gadgets.container.webPrefix+'/application/invite/'+mod_id,function(data){var ids=[];var is_success=false;if(undefined!=data&&false!==data&&data){var ids=data;is_success=true;}
gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,is_success,'',ids);});}else{gadgets.rpc.call(f,'shindig.requestShareApp_callback',null,callbackId,false,'forbidden',[]);}}}}
\ No newline at end of file
diff --git a/web/js/container.js.src b/web/js/container.js.src
index 33036f3..71d969f 100644
--- a/web/js/container.js.src
+++ b/web/js/container.js.src
@@ -51,7 +51,7 @@ Container.prototype = {
setTitle: function(title) {
var element = $(this.f+'_title');
if (element != undefined) {
- element.update(title.replace(/&/g, '&amp;').replace(/</g, '&lt;'));
+ element.update(gadgets.util.escapeString(title));
}
},
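Review bot: The new line still routes the gadget-supplied title through `element.update`, an innerHTML sink, so the safety of this path depends on the escape call surviving future edits; `element.update(''); element.appendChild(document.createTextNode(title));` would make it safe by construction. `gadgets.util.escapeString` fixes the `>` and quote omissions of the old replace chain but assumes Shindig's util feature is loaded before this script and that the rpc payload is a string — `String(title)` first would cover the latter. Container.prototype continues outside the hunk.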