@@ -, +, @@ 
 tool-tip
---
 .../univention-management-console-module-ucr/debian/changelog      | 6 ++++++
 .../univention-management-console-module-ucr/umc/js/ucr.js         | 7 ++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
--- a/branches/ucs-4.0/ucs-4.0-1/management/univention-management-console-module-ucr/debian/changelog	
+++ a/branches/ucs-4.0/ucs-4.0-1/management/univention-management-console-module-ucr/debian/changelog	
@@ -1,3 +1,9 @@ 
+univention-management-console-module-ucr (4.1.1-4) unstable; urgency=low
+
+  * Bug #38036: Encode HTML entities in description and tool-tip
+
+ -- Philipp Hahn <hahn@univention.de>  Fri, 13 Mar 2015 11:52:02 +0100
+
 univention-management-console-module-ucr (4.1.1-3) unstable; urgency=medium
 
   * Bug #37742: fix dialog design for small devices
--- a/branches/ucs-4.0/ucs-4.0-1/management/univention-management-console-module-ucr/umc/js/ucr.js	
+++ a/branches/ucs-4.0/ucs-4.0-1/management/univention-management-console-module-ucr/umc/js/ucr.js	
@@ -35,6 +35,7 @@ define([
 	"dojo/_base/array",
 	"dojo/aspect",
 	"dojo/sniff",
+	"dojox/html/entities",
 	"dijit/Dialog",
 	"dijit/form/_TextBoxMixin",
 	"umc/tools",
@@ -52,7 +53,7 @@ define([
 	"umc/widgets/Tooltip",
 	"umc/i18n!umc/modules/ucr",
 	"xstyle/css!./ucr.css"
-], function(declare, lang, kernel, array, aspect, has, Dialog, _TextBoxMixin, tools, dialog, Form, Grid, Module, Page, SearchForm, StandbyMixin, TextBox, Text, HiddenInput, ComboBox, Tooltip, _) {
+], function(declare, lang, kernel, array, aspect, has, entities, Dialog, _TextBoxMixin, tools, dialog, Form, Grid, Module, Page, SearchForm, StandbyMixin, TextBox, Text, HiddenInput, ComboBox, Tooltip, _) {
 
 	var _DetailDialog = declare([Dialog, StandbyMixin], {
 		_form: null,
@@ -135,7 +136,7 @@ define([
 				if (text) {
 					// we have description, update the description field
 					descWidget.set('visible', true);
-					descWidget.set('content', '<i>' + text + '</i>');
+					descWidget.set('content', '<i>' + entities.encode(text) + '</i>');
 				}
 				else {
 					// no description -> hide widget and label
@@ -368,7 +369,7 @@ define([
 			var item = this._grid.getRowValues(rowIndex);
 			if (item.description) {
 				var tooltip = new Tooltip({
-					label: item.description,
+					label: entities.encode(item.description),
 					connectId: [widget.domNode],
 					position: ['below']
 				});
--