Added htmlEntities to alerts in server.js.

app/server/server.js

@@ -1107,6 +1107,7 @@ Meteor.methods({
     addAlert: function (description) {
         if (isAdmin()) {
             var username = Meteor.user().profile.username;
+            description = htmlEntities(description);
             Alerts.insert({description: description, active: true, createdBy: username});
             return true;
         } else {
@@ -1750,4 +1751,4 @@ Meteor.users.after.insert(function (err, user) {
 
 function htmlEntities(str) {
     return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
-}
+}