<%= f.error_messages %>
<p>
- <%= f.label :reason, t('user_block.edit.reason', :name => @user_block.user.display_name) %><br />
+ <%= f.label :reason, t('user_block.edit.reason', :name => h(@user_block.user.display_name)) %><br />
<%= f.text_area :reason %>
</p>
<p>