[SECURITY] Fix XSS injection vulnerabilities in question answers, event, quota and product names

src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html

@@ -2,6 +2,7 @@
 {% load i18n %}
 {% load compress %}
 {% load staticfiles %}
+{% load escapejson %}
 {% block title %}{% trans "Statistics" %}{% endblock %}
 {% block content %}
     <h1>{% trans "Statistics" %}</h1>
@@ -30,9 +31,9 @@
                 <div id="obp_chart" class="chart"></div>
             </div>
         </div>
-        <script type="application/json" id="obd-data">{{ obd_data|safe }}</script>
-        <script type="application/json" id="rev-data">{{ rev_data|safe }}</script>
-        <script type="application/json" id="obp-data">{{ obp_data|safe }}</script>
+        <script type="application/json" id="obd-data">{{ obd_data|escapejson }}</script>
+        <script type="application/json" id="rev-data">{{ rev_data|escapejson }}</script>
+        <script type="application/json" id="obp-data">{{ obp_data|escapejson }}</script>
         <script type="application/text" id="currency">{{ request.event.currency }}</script>
         <script type="application/javascript" src="{% static "pretixplugins/statistics/statistics.js" %}"></script>
     {% else %}