HTML Escape column filter data.

HTML Escape column filter data when it is read back from the the
configuration cookie to prevent potential XSS.

Unwanted side effect: Strings with single quotes won't work properly.  This
is annoying, but because filters are not anchored, you can always filter for
Brian instead of O'Brian.  (For example.)

Change-Id: I821e1ddc9169ff5e5b0434117d887d170bfa627e
diff --git a/app/soc/content/js/melange.list.cookie_service.js b/app/soc/content/js/melange.list.cookie_service.js
index b26918e..106d877 100644
--- a/app/soc/content/js/melange.list.cookie_service.js
+++ b/app/soc/content/js/melange.list.cookie_service.js
@@ -15,6 +15,14 @@
 /**
  * @author <a href="mailto:fadinlight@gmail.com">Mario Ferraro</a>
  */
+
+function htmlEscape(data) {
+  /** escapes potentially HTML containing content using createTextNode */
+  var div = document.createElement('div');
+  div.appendChild(document.createTextNode(data));
+  return div.innerHTML;
+}
+
 (function () {
   /** @lends melange.list.cookie_service */
 
@@ -179,7 +187,7 @@
           var column = jLinq.from(colModel).equals("name",column_name).select()[0];
           if (column !== undefined) {
             column.searchoptions = {
-              defaultValue: column_filter
+              defaultValue: htmlEscape(column_filter)
             };
           }
         });