In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
{ "ubuntu_priority": "medium" }