The index page doesn't sanitize the activity name upon retrieval from the database, allowing for potential XSS to take place
