This is related to jQuery 1.9's change in how HTML is recognized by the $() function.
The locations are:
- Apparent arbitrary HTML (probably XSS-safe, but not necessarily starting with <), from the API used in ext.moodBar.dashboard.js (245): Should use parseHTML
- moodbar.tpl.type on 256 of ext.moodbar.core.js (line continuation), similar ones elsewhere in file (moodbar.tpl/mb.tpl in general). Strings in tpl start with newlines and space rather than <.