Bug 14360: Unescaped variable causes alert pop-up

Bug 14360: Unescaped variable causes alert pop-up

To test:

1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 9bef8f8738492564af7da78cba841366c70ada3c)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>