### Eclipse Workspace Patch 1.0
#P drupal-contrib-cvs
Index: modules/l10n_client/l10n_client.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/l10n_client/l10n_client.module,v
retrieving revision 1.11
diff -u -r1.11 l10n_client.module
--- modules/l10n_client/l10n_client.module	25 Mar 2008 18:02:10 -0000	1.11
+++ modules/l10n_client/l10n_client.module	26 Apr 2008 20:24:18 -0000
@@ -161,7 +161,7 @@
   foreach ($strings as $values) {
     $source = $values[0] === TRUE ? '' : $values[0];
     $target = $values[1] === TRUE ? '' : $values[1];
-    $output .= "<div><span class='source'>$source</span><span class='target'>$target</span></div>";
+    $output .= "<div><span class='source'>". htmlentities($source) ."</span><span class='target'>". htmlentities($target) ."</span></div>";
   }
   return "<div id='l10n-client-data'>$output</div>";
 }
@@ -183,6 +183,8 @@
     // TRUE means we don't have translation, so we use the original string,
     // so we always have the string displayed on the page in the dropdown.
     $original = $values[1] === TRUE ? $values[0] : $values[1];
+    // Encode html tags, at least for display
+    $original = htmlentities($original);
     // Remove html tags, at least for display
     $original = strip_tags($original);
     // Truncate and add ellipsis if too long.
