Comment 1 for bug 2019157

Jane Sandberg (sandbergja) wrote :

Here is a branch in the security repo: user/sandbergja/lp2019157-reflected-xss-in-orgselect

Steps to test, from the commit message:

1. If you don't already have a library group, go to Admin > Server > Library Groups and make one that is Global.
2. In your browser, go to [your_domain]/eg/opac/home?locg='><script>alert('bad bad bad')</script>
3. Note that the site executes JavaScript code that is passed in via the URL.
4. Apply this patch.
5. Repeat step 2.
6. Note that the arbitrary JavaScript does not get run anymore.
7. Confirm that library group searching still works as expected.
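To make the reflection in step 2 concrete for reviewers, here is an added illustration (not the Evergreen patch and not code from the branch above): a `locg` value taken from a constructed copy of the step-2 URL is reflected into a `<select>` option once without output encoding and once with it. The URL, the `render_*` helpers and the markup shape are assumptions for the example; only the payload string comes from the comment.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the step-2 URL; the host is a placeholder, not a real OPAC.
SAMPLE_URL = ("https://opac.example.test/eg/opac/home"
              "?locg='><script>alert('bad bad bad')</script>")


def locg_from_url(url: str) -> str:
    """Return the raw locg query parameter, as a server would receive it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("locg", [""])[0]


def render_option_unescaped(locg: str) -> str:
    """Reflects the parameter verbatim into the markup (the pre-patch shape)."""
    return f'<option value="{locg}" selected="selected">{locg}</option>'


def render_option_escaped(locg: str) -> str:
    """Same markup, but the parameter is HTML-encoded for both attribute and text
    context (quote=True also encodes ' and "), so it cannot close the tag."""
    safe = html.escape(locg, quote=True)
    return f'<option value="{safe}" selected="selected">{safe}</option>'


def contains_script_tag(markup: str) -> bool:
    """Crude check used here to show whether a <script> element survived."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    locg = locg_from_url(SAMPLE_URL)
    print("unescaped:", render_option_unescaped(locg))
    print("escaped:  ", render_option_escaped(locg))
```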