From fb4898c4fa5afebad30d0702bbcaa614e5609232 Mon Sep 17 00:00:00 2001
From: kpcyrd
Date: Mon, 30 Jun 2014 21:32:46 +0200
Subject: [PATCH 1/2] Fix self-xss issue in contact-group-rename
---
 app/assets/javascripts/aspect-edit-pane.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/aspect-edit-pane.js b/app/assets/javascripts/aspect-edit-pane.js
index 61a0bc7f0..8c9725bf2 100644
--- a/app/assets/javascripts/aspect-edit-pane.js
+++ b/app/assets/javascripts/aspect-edit-pane.js
@@ -9,7 +9,7 @@ function toggleAspectTitle(){
 }
 function updateAspectName(new_name) {
- $('#aspect_name_title .name').html(new_name);
+ $('#aspect_name_title .name').text(new_name);
 $('input#aspect_name').val(new_name);
 }
 function updatePageAspectName( an_id, new_name) {
From 20ffa8fa138816fab5c3834b7a7d00d45af05c39 Mon Sep 17 00:00:00 2001
From: kpcyrd
Date: Tue, 1 Jul 2014 00:12:26 +0200
Subject: [PATCH 2/2] Fix another self-xss issue
---
 app/assets/javascripts/aspect-edit-pane.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/aspect-edit-pane.js b/app/assets/javascripts/aspect-edit-pane.js
index 8c9725bf2..feaf196c2 100644
--- a/app/assets/javascripts/aspect-edit-pane.js
+++ b/app/assets/javascripts/aspect-edit-pane.js
@@ -13,7 +13,7 @@ function updateAspectName(new_name) {
 $('input#aspect_name').val(new_name);
 }
 function updatePageAspectName( an_id, new_name) {
- $('ul#aspect_nav [data-guid="'+an_id+'"]').html(new_name);
+ $('ul#aspect_nav [data-guid="'+an_id+'"]').text(new_name);
 }
 $(document).ready(function() {
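Review bot: `updateAspectName` in patch 1/2 carries no comment recording that `new_name` is text typed by the user, so nothing stops a later edit from switching the title back to an HTML sink. I would put `// new_name is user-entered text: write it with .text()/.val() only, never .html()` directly above the function. A spec that calls the function with a name containing markup and asserts that `#aspect_name_title .name` gains no child elements would pin the behaviour; whether the project already has a JS spec for this file is not visible here.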
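Review bot: In `updatePageAspectName` (patch 2/2) the selector is still assembled by concatenating `an_id` into `'[data-guid="'+an_id+'"]'`, so a value containing a quote or bracket yields a malformed selector or a wrong match. Where `an_id` comes from is not visible in this hunk, so this may be theoretical if it is always a server-issued guid. Matching on the attribute value avoids building the selector from data: `$('ul#aspect_nav [data-guid]').filter(function () { return $(this).attr('data-guid') === String(an_id); }).text(new_name);`. The `$(document).ready` callback that follows continues outside the hunk.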