fix SSF-49

2 files changed, 3 insertions, 3 deletions

diff --git a/server/sonar-web/package.json b/server/sonar-web/package.json
index 5e4da37d17b..870e2c4ec0a 100644
--- a/server/sonar-web/package.json
+++ b/server/sonar-web/package.json
@@ -26,6 +26,7 @@
     "d3": "3.5.6",
     "del": "2.0.2",
     "enzyme": "2.2.0",
+    "escape-html": "1.0.3",
     "eslint": "^2.9.0",
     "eslint-plugin-import": "^1.8.0",
     "eslint-plugin-react": "^5.1.1",
diff --git a/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js b/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
index a914b3ac6be..226241e67fd 100644
--- a/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
+++ b/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
@@ -20,6 +20,7 @@
 import $ from 'jquery';
 import _ from 'underscore';
 import Marionette from 'backbone.marionette';
+import escapeHtml from 'escape-html';
 import ChangeProfileParentView from './change-profile-parent-view';
 import ProfileChangelogView from './profile-changelog-view';
 import ProfileComparisonView from './profile-comparison-view';
@@ -81,9 +82,7 @@ export default Marionette.LayoutView.extend({
       height: 200,
       readOnly: !this.options.canWrite,
       focusSearch: false,
-      format (item) {
-        return item.name;
-      },
+      format: item => escapeHtml(item.name),
       searchUrl: window.baseUrl + '/api/qualityprofiles/projects?key=' + encodeURIComponent(key),
       selectUrl: window.baseUrl + '/api/qualityprofiles/add_project',
       deselectUrl: window.baseUrl + '/api/qualityprofiles/remove_project',