Bug: 14857

Escape user supplied color data, preventing XSS vuln.

lib/View/Sidebar.php

@@ -221,7 +221,7 @@ public function addRow(array $row, $container = '')
             if (strlen($row['style'])) {
                 $row['style'] .= ';';
             }
-            $row['style'] .= 'background-color:' . $row['color']
+            $row['style'] .= 'background-color:' . htmlspecialchars($row['color'])
                 . ';color:#' . $foreground;
             if (isset($row['edit'])) {
                 $row['editLink'] = $row['edit']