This is the second attempt to patch against one more of the billion XSS
vulnerabilities. They're everywhere!
This was reported by David Shaw at Redspin, Inc. and documented at:
I created a patient with name of "<script>alert("broken");</script>"
and then fixed all of the instances where I got an alert by browsing
around the application. There may be more.
To reduce these in the future, please wrap any user-submitted data in
htmlspecialchars() before displaying it.