* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)