Fix an XSS in the result graph

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

app/inc/smarty.php

@@ -73,6 +73,10 @@ function smarty_modifier_addslashes_single_quote($string) {
     return addcslashes($string, '\\\'');
 }
 
+function smarty_modifier_addslashes($string) {
+    return addslashes($string);
+}
+
 function smarty_modifier_html($html) {
     return Utils::htmlEscape($html);
 }

tpl/part/vote_table_classic.tpl

@@ -282,7 +282,7 @@
                 });
                 var cols = [
                 {foreach $slots as $id=>$slot}
-                    $('<div/>').html('{$slot->title|markdown:true}').text(),
+                    "{$slot->title|markdown:true|addslashes}",
                 {/foreach}
                 ];