Possible security issue when rendering an events header or body

[dittodhole]

Following lines in code:

$calEvent.find('.wc-time').html(this.options.eventHeader(calEvent, this.element) + suffix);
$calEvent.find('.wc-title').html(this.options.eventBody(calEvent, this.element));

Shouldn't those rather be .text()-calls? Or even better: outsource that to another overridable method...

[dittodhole]

closing due to lack of interest.