X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/7b172efeb62dca337e356dab0d14c69ec51216b7..2cbcabb3f6992904903a72dfbcef624bd391a314:/app/views/user/account.rhtml

diff --git a/app/views/user/account.rhtml b/app/views/user/account.rhtml
index b25cb0071..1a18c90b2 100644
--- a/app/views/user/account.rhtml
+++ b/app/views/user/account.rhtml
@@ -34,9 +34,9 @@
 </script>
 
 <% if @user.home_lat.nil? or @user.home_lon.nil? %>
-  <% lon =  params['lon'] || '-0.1' %>
-  <% lat =  params['lat'] || '51.5' %>
-  <% zoom =  params['zoom'] || '4' %> 
+  <% lon = h(params['lon']) || '-0.1' %>
+  <% lat = h(params['lat']) || '51.5' %>
+  <% zoom = h(params['zoom']) || '4' %> 
 <% else %>
   <% marker = true %>
   <% mlon = @user.home_lon %>