I've spent a bit of time looking at this. I can confirm the problem.
The problem is in our angular metadata widget. When item.leaf.name is used in html such as in horizon/static/angular/metadata-tree/metadata-tree-item.html it needs to be escaped. I'm not sure if that's better accomplished in the template or the js.
I've spent a bit of time looking at this. I can confirm the problem.
The problem is in our angular metadata widget. When item.leaf.name is used in html such as in horizon/ static/ angular/ metadata- tree/metadata- tree-item. html it needs to be escaped. I'm not sure if that's better accomplished in the template or the js.