use html::purify on album titles to prevent XSS

3.0/modules/albumtree/views/albumtree_block_dtree.html.php

@@ -398,7 +398,7 @@ albumTree.config.cookieDomain = '';
 <?
 function addtree($album){
 ?>
-albumTree.add(<?= $album->id -1 ?>, <?= $album->parent_id -1 ?>, "<?= $album->title ?>", pf+'<?= $album->relative_url() ?>');
+albumTree.add(<?= $album->id -1 ?>, <?= $album->parent_id -1 ?>, "<?= html::purify($album->title) ?>", pf+'<?= $album->relative_url() ?>');
 <?
   foreach ($album->viewable()->children(null, null, array(array("type", "=", "album"))) as $child){
     addtree($child);

3.0/modules/albumtree/views/albumtree_block_list.html.php

@@ -15,7 +15,7 @@ function makelist($album,$level){
 //print out the list item
 ?>
   <li>
-    <a href="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat("&nbsp;&nbsp;", $level) ?><?= $album->title ?></a>
+    <a href="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat("&nbsp;&nbsp;", $level) ?><?= html::purify($album->title) ?></a>
   </li>
 <?
   //recurse over the children, and print their list items as well

3.0/modules/albumtree/views/albumtree_block_select.html.php

@@ -4,7 +4,7 @@
 function makeselect($album, $level){
 //print out the list item as a select option
 ?>
-<option value="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat("&nbsp;&nbsp;", $level) ?><?= $album->title ?></option>
+  <option value="<?= item::root()->url() ?><?= $album->relative_url() ?>"><?= str_repeat("&nbsp;&nbsp;", $level) ?><?= html::purify($album->title) ?></option>
 <?
   //recurse over the children, and print their list items as well
   foreach ($album->viewable()->children(null, null, array(array("type", "=", "album"))) as $child){