MAGETWO-98353: New review form changes

Author: OlgaVasyltsun

app/code/Magento/Review/Block/Adminhtml/Add.php

@@ -94,13 +94,14 @@ protected function _construct()
                         if( response.error ) {
                             alert(response.message);
                         } else if( response.id ){
+                            var productName = response.name;
                             $("product_id").value = response.id;
 
                             $("product_name").innerHTML = \'<a href="' .
             $this->getUrl(
                 'catalog/product/edit'
             ) .
-            'id/\' + response.id + \'" target="_blank">\' + response.name + \'</a>\';
+            'id/\' + response.id + \'" target="_blank">\' + productName.escapeHTML() + \'</a>\';
                         } else if ( response.message ) {
                             alert(response.message);
                         }