From 6904781f8d3ac999977125d7cf0c3a7d65391bc6 2015-01-17 22:46:01
From: Matthias Bussonnier
Date: 2015-01-17 22:46:01
Subject: [PATCH] Sanitize dialog text-body. Mitigate 7486, could probably be improved, but treat text as pure text, but assume that when received a dome element it actually come from a secure source. Sanitizing all we get, including Dom Element break json-metadata editor and a few others.
---
diff --git a/IPython/html/static/base/js/dialog.js b/IPython/html/static/base/js/dialog.js
index 25d03d9..97aa47d 100644
--- a/IPython/html/static/base/js/dialog.js
+++ b/IPython/html/static/base/js/dialog.js
@@ -1,12 +1,12 @@
 // Copyright (c) IPython Development Team.
 // Distributed under the terms of the Modified BSD License.
-define([
- 'base/js/namespace',
- 'jquery',
- 'codemirror/lib/codemirror',
-], function(IPython, $, CodeMirror) {
+define(function(require) {
 "use strict";
+
+ var CodeMirror = require('codemirror/lib/codemirror');
+ var IPython = require('base/js/namespace');
+ var $ = require('jquery');
 var modal = function (options) {
@@ -20,6 +20,9 @@ define([
 var dialog_content = $("
") .addClass("modal-content") .appendTo(dialog); + if(typeof(options.body) === 'string'){ + options.body = $("

").text(options.body) + } dialog_content.append( $("

") .addClass("modal-header") @@ -32,7 +35,7 @@ define([ ).append( $("

") .addClass('modal-title') - .text(options.title || "") + .text(options.title || "No Title") ) ).append( $("
").addClass("modal-body").append(