Escape page title.

[rails.git] / app / views / layouts / site.rhtml

diff --git a/app/views/layouts/site.rhtml b/app/views/layouts/site.rhtml
index 7a11ae101563c84bfc57008a396037ea2db9b0f7..bcb479ccacf7fdd600557e6f1317c1b478ea9389 100644 (file)
--- a/app/views/layouts/site.rhtml
+++ b/app/views/layouts/site.rhtml
@@ -7,7 +7,7 @@
     <%= stylesheet_link_tag 'site' %>
     <%= stylesheet_link_tag 'print', :media => "print" %>
     <%= tag("link", { :rel => "search", :type => "application/opensearchdescription+xml", :title => "OpenStreetMap Search", :href => "/opensearch/osm.xml" }) %>
-    <title>OpenStreetMap<%= ' | '+@title if @title %></title>
+    <title>OpenStreetMap<%= ' | '+ h(@title) if @title %></title>
   </head>
   <body>
     <div id="content">
@@ -20,7 +20,7 @@
 
     <span id="greeting">
       <% if @user and @user.id %>
-        Welcome, <%= link_to @user.display_name, {:controller => 'user', :action => 'view', :display_name => @user.display_name}%> | 
+        Welcome, <%= link_to h(@user.display_name), {:controller => 'user', :action => 'view', :display_name => @user.display_name}%> | 
         <% @inbox_weight = 'bold' if @user.new_messages.size > 0 %>
         <%= yield :greeting %>
         <%= link_to "inbox (#{@user.new_messages.size})", {:controller => 'message', :action => 'inbox', :display_name => @user.display_name}, {:style => "font-weight: #{@inbox_weight};" } %> |