repos: extra HTML escaping of repo and repo group names shown in DataTables These names will already have been "slugged" and can thus not contain anything that can be used for any attack. But let's be explicitly safe and escape them anyway. raw_name without escaping would cause XSS *if* it was possible to create unsafe repo names. just_name must be escaped in order to make search work correctly - for example if searching for '<' ... *if* it was possible for names to contain that.