Fix query tool launch error if user name contain html characters. Fixes #4674

docs/en_US/release_notes_4_13.rst

@@ -30,3 +30,4 @@ Bug fixes
 | `Issue #4644 <https://redmine.postgresql.org/issues/4644>`_ -  Fix length and precision enable/disable issue when changing the data type for Domain node.
 | `Issue #4650 <https://redmine.postgresql.org/issues/4650>`_ -  Fix SQL tab issue for Views. It's a regression of compound triggers.
 | `Issue #4657 <https://redmine.postgresql.org/issues/4657>`_ -  Fix PGADMIN_SERVER_JSON_FILE environment variable support in the container.
+| `Issue #4674 <https://redmine.postgresql.org/issues/4674>`_ -  Fix query tool launch error if user name contain html characters.

web/pgadmin/tools/datagrid/static/js/datagrid.js

@@ -227,7 +227,7 @@ define('pgadmin.datagrid', [
         queryToolForm +=`
           </form>
             <script>
-              document.getElementById("title").value = "${panel_title}";
+              document.getElementById("title").value = "${_.escape(panel_title)}";
               document.getElementById("queryToolForm").submit();
             </script>
           `;

web/pgadmin/tools/datagrid/static/js/datagrid_panel_title.js

@@ -52,6 +52,6 @@ export function setQueryToolDockerTitle(panel, is_query_tool, panel_title, is_fi
     panel_icon = 'fa fa-bolt';
   }
 
-  panel.title('<span title="'+ panel_tooltip +'">'+ panel_title +'</span>');
+  panel.title('<span title="'+ _.escape(panel_tooltip) +'">'+ _.escape(panel_title) +'</span>');
   panel.icon(panel_icon);
 }

web/pgadmin/tools/sqleditor/static/js/sqleditor.js

@@ -3436,7 +3436,7 @@ define('tools.querytool', [
               // Find the title of the visible panel
               _.each(window.top.pgAdmin.Browser.docker.findPanels('frm_datagrid'), function(p) {
                 if (p.isVisible()) {
-                  self.gridView.panel_title = $(p._title).html();
+                  self.gridView.panel_title = $(p._title).text();
                 }
               });