Fix XSS in calendar.html (#2868)

* Fix XSS in calendar.html

* Remove console.log

pages/calendar.html

@@ -889,7 +889,6 @@
     new Draggable(containerEl, {
       itemSelector: '.external-event',
       eventData: function(eventEl) {
-        console.log(eventEl);
         return {
           title: eventEl.innerText,
           backgroundColor: window.getComputedStyle( eventEl ,null).getPropertyValue('background-color'),
@@ -971,12 +970,12 @@
 
     /* ADDING EVENTS */
     var currColor = '#3c8dbc' //Red by default
-    //Color chooser button
+    // Color chooser button
     $('#color-chooser > li > a').click(function (e) {
       e.preventDefault()
-      //Save color
+      // Save color
       currColor = $(this).css('color')
-      //Add color effect to button
+      // Add color effect to button
       $('#add-new-event').css({
         'background-color': currColor,
         'border-color'    : currColor
@@ -984,26 +983,26 @@
     })
     $('#add-new-event').click(function (e) {
       e.preventDefault()
-      //Get value and make sure it is not null
+      // Get value and make sure it is not null
       var val = $('#new-event').val()
       if (val.length == 0) {
         return
       }
 
-      //Create events
+      // Create events
       var event = $('<div />')
       event.css({
         'background-color': currColor,
         'border-color'    : currColor,
         'color'           : '#fff'
       }).addClass('external-event')
-      event.html(val)
+      event.text(val)
       $('#external-events').prepend(event)
 
-      //Add draggable funtionality
+      // Add draggable funtionality
       ini_events(event)
 
-      //Remove event from text input
+      // Remove event from text input
       $('#new-event').val('')
     })
   })