diff --git a/static/js/map/overlays/BorderOverlay.js b/static/js/map/overlays/BorderOverlay.js
index 1f5139e..189862e 100644
--- a/static/js/map/overlays/BorderOverlay.js
+++ b/static/js/map/overlays/BorderOverlay.js
@@ -1,4 +1,5 @@
import AbstractGeoJsonOverlay from './AbstractGeoJsonOverlay.js';
+import { HtmlSanitizer } from '../../lib/HtmlSanitizer.js';
export default AbstractGeoJsonOverlay.extend({
initialize: function() {
@@ -80,7 +81,7 @@ export default AbstractGeoJsonOverlay.extend({
"properties":{
"name": bordername,
"color": borderColors[bordername],
- "popupContent": "Border (" + bordername + ")"
+ "popupContent": "Border (" + HtmlSanitizer.SanitizeHtml(bordername) + ")"
}
};
diff --git a/static/js/map/overlays/LabelOverlay.js b/static/js/map/overlays/LabelOverlay.js
index ce1075e..3e8515f 100644
--- a/static/js/map/overlays/LabelOverlay.js
+++ b/static/js/map/overlays/LabelOverlay.js
@@ -1,4 +1,5 @@
import AbstractIconOverlay from './AbstractIconOverlay.js';
+import { HtmlSanitizer } from '../../lib/HtmlSanitizer.js';
export default AbstractIconOverlay.extend({
initialize: function() {
@@ -27,7 +28,7 @@ export default AbstractIconOverlay.extend({
fill='${lbl.attributes.color}'
dominant-baseline="central"
transform="rotate(${lbl.attributes.direction}, 100, 100)">
- ${lbl.attributes.text}
+ ${HtmlSanitizer.SanitizeHtml(lbl.attributes.text)}
`;