Control characters in query values mess up JavaScript
In the functions getNameById() and getDescById() in dae_data/dae_data_query.inc (and possibly others elsewhere), the returned values are injected directly into the resulting HTML/JavaScript code, so quotes and parentheses in those values cause trouble.
This could become a code injection vulnerability if someone devises a specially crafted type name, for instance.
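
One way to encode such values before they reach the page, shown as an added example rather than the project's own code. It assumes the .inc file is PHP; the helper names, the showName() call and the sample value are hypothetical.

```php
<?php
// Added example. Function names and the sample value are hypothetical;
// they are not taken from dae_data/dae_data_query.inc.

// These flags make json_encode() output safe inside an inline <script> block:
// <, >, &, ' and " inside the value become \uXXXX escapes.
const JS_FLAGS = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

/** Encode a value as a JavaScript literal (surrounding quotes included). */
function jsLiteral($value): string
{
    $json = json_encode($value, JS_FLAGS | JSON_INVALID_UTF8_SUBSTITUTE);
    if ($json === false) {
        throw new RuntimeException('json_encode failed: ' . json_last_error_msg());
    }
    return $json;
}

/** Encode a value for HTML text or a quoted HTML attribute. */
function htmlText(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a type name with quotes, parentheses and a newline.
$name = "Page 'scan' (\"v2\")\nsecond line";

// Pattern described in the report: the value is pasted into a JS string as-is,
// so the quote ends the string early and the newline breaks the statement.
$unsafe = "showName('" . $name . "');";

// Hardened: the encoder produces the whole JS literal; no hand-written quotes.
$safeScript = 'showName(' . jsLiteral($name) . ');';

// Hardened: JS inside an HTML attribute needs both layers, JS first, then HTML.
$safeAttr = '<a href="#" onclick="'
          . htmlText('showName(' . jsLiteral($name) . ');') . '">'
          . htmlText($name) . '</a>';

echo $unsafe, "\n\n", $safeScript, "\n\n", $safeAttr, "\n";
```

The encoding is applied at the point of output and chosen by context (script block, attribute, HTML text), so the values returned by the query functions can stay unmodified in storage.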