Dashboard settings: escape panes' names to prevent XSS

application/views/scripts/dashboard/settings.phtml

@@ -20,7 +20,7 @@
             <?php foreach ($this->dashboard->getPanes() as $pane): ?>
                 <tr style="background-color: #f1f1f1;">
                     <th colspan="2" style="text-align: left; padding: 0.5em;">
-                        <?= $pane->getName(); ?>
+                        <?= $this->escape($pane->getName()) ?>
                     </th>
                     <th>
                         <?= $this->qlink(