diff --git a/panoramapublic/src/org/labkey/panoramapublic/query/ExperimentAnnotationsTableInfo.java b/panoramapublic/src/org/labkey/panoramapublic/query/ExperimentAnnotationsTableInfo.java
index 4c93fbea..622a5181 100644
--- a/panoramapublic/src/org/labkey/panoramapublic/query/ExperimentAnnotationsTableInfo.java
+++ b/panoramapublic/src/org/labkey/panoramapublic/query/ExperimentAnnotationsTableInfo.java
@@ -162,7 +162,10 @@ public void renderGridCellContents(RenderContext ctx, Writer out) throws IOExcep
.at(src, PageFlowUtil.staticResourceUrl("_images/plus.gif"))),
HtmlString.NBSP)
.appendTo(out);
- pageConfig.addHandler(spanId, "click", "viewExperimentDetails(this,'" + container.getPath() + "', '" + id + "','" + detailsPage + "')");
+ pageConfig.addHandler(spanId, "click", "viewExperimentDetails(this,"
+ + PageFlowUtil.jsString(container.getPath())
+ + ", " + id + ", "
+ + PageFlowUtil.jsString(detailsPage) + ")");
}
super.renderGridCellContents(ctx, out);
}
diff --git a/panoramapublic/webapp/PanoramaPublic/js/dropDownUtil.js b/panoramapublic/webapp/PanoramaPublic/js/dropDownUtil.js
index 08af5147..cb4252d3 100644
--- a/panoramapublic/webapp/PanoramaPublic/js/dropDownUtil.js
+++ b/panoramapublic/webapp/PanoramaPublic/js/dropDownUtil.js
@@ -66,12 +66,13 @@ viewExperimentDetails = function (obj, experimentContainer, id, detailsPageURL)
var results;
if(object.rows[rowNum][type] != null)
{
- if(object.rows[rowNum][type].length > 500)
+ let description = object.rows[rowNum][type];
+ if(description.length > 500)
{
- results = object.rows[rowNum][type].substring(0,500)+"...more.";
+ results = LABKEY.Utils.encodeHtml(description.substring(0,500)) +"...more.";
}
else {
- results =object.rows[rowNum][type];
+ results = LABKEY.Utils.encodeHtml(description);
}
}
else {results = null;}