Comment 0 for bug 1819547

Robert Lyon (robertl-9) wrote :

This is an oversight in the collection nav system when we added smart evidence and have collection nav display on the matrix page. The collection name is not being escaped.

To test:
1) Have smart evidence turned on for an institution
2) Create a collection and give it a title/name like: <script>alert(document.cookie);</script>
3) Add pages to the collection
4) Make sure to assign a SmartEvidence option to the collection
5) Visit the collection matrix page - you should get an alert pop-up displaying

We just need to escape the collection title before passing it to the collectionnav.tpl
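The repro steps and the proposed fix above, as an added example that is not Mahara's code: a minimal stand-in for the collection nav rendering with the title interpolated raw (the bug) next to the same rendering with the title HTML-escaped first (the fix), plus a check that flags an unescaped script tag in the output. The function names, the markup and the sample page list are assumptions for illustration; the example also checks that escaping preserves the displayed title and does not double-escape an ampersand, which is the usual pitfall when a template already escapes.

```python
import html
import re

# Constructed sample input: the collection title from the repro steps above.
PAYLOAD_TITLE = "<script>alert(document.cookie);</script>"
SAMPLE_PAGES = ["Page 1", "Page 2"]  # constructed


def render_collectionnav_vulnerable(collection_name, pages):
    """Hypothetical stand-in for collectionnav.tpl as it behaved in the bug:
    page titles are escaped, but the collection name is interpolated raw."""
    items = "".join(f"<li>{html.escape(page, quote=True)}</li>" for page in pages)
    return (
        '<div class="collectionnav">'
        f"<h2>{collection_name}</h2>"
        f"<ul>{items}</ul>"
        "</div>"
    )


def render_collectionnav_fixed(collection_name, pages):
    """Same markup, but the collection name is escaped before it reaches
    the template, which is the fix the comment proposes."""
    safe_name = html.escape(collection_name, quote=True)
    return render_collectionnav_vulnerable(safe_name, pages)


_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_unescaped_script(rendered_html):
    """Detection check for the repro: True if a live <script> tag is present."""
    return _SCRIPT_TAG.search(rendered_html) is not None


def displayed_heading(rendered_html):
    """What a browser would show inside the <h2>: the tag text, entity-decoded.
    Used to confirm escaping preserves the literal title rather than mangling it."""
    match = re.search(r"<h2>(.*?)</h2>", rendered_html, re.DOTALL)
    return html.unescape(match.group(1)) if match else None


if __name__ == "__main__":
    bad = render_collectionnav_vulnerable(PAYLOAD_TITLE, SAMPLE_PAGES)
    good = render_collectionnav_fixed(PAYLOAD_TITLE, SAMPLE_PAGES)
    print("vulnerable output fires script:", contains_unescaped_script(bad))
    print("fixed output fires script:     ", contains_unescaped_script(good))
    print("fixed heading as displayed:    ", displayed_heading(good))
```

The last check matters in practice: if the template layer were changed to escape as well, a title such as `R&D` would render as `R&amp;amp;D`, so escape exactly once, at the point the comment names (before the title is handed to collectionnav.tpl), and verify the decoded heading still equals the stored title.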