--- theme.original.inc	2008-05-14 20:54:33.000000000 +0200
+++ theme.inc	2008-05-14 20:55:56.000000000 +0200
@@ -1737,12 +1737,12 @@ function template_preprocess_page(&$vari
 
   // Construct page title
   if (drupal_get_title()) {
-    $head_title = array(strip_tags(drupal_get_title()), variable_get('site_name', 'Drupal'));
+    $head_title = array(strip_tags(drupal_get_title()), check_plain(variable_get('site_name', 'Drupal')));
   }
   else {
-    $head_title = array(variable_get('site_name', 'Drupal'));
+    $head_title = array(check_plain(variable_get('site_name', 'Drupal')));
     if (variable_get('site_slogan', '')) {
-      $head_title[] = variable_get('site_slogan', '');
+      $head_title[] = check_plain(variable_get('site_slogan', ''));
     }
   }
   $variables['head_title']        = implode(' | ', $head_title);
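Review bot: The title element in the first branch is still passed through `strip_tags()` alone, while `site_name` and `site_slogan` beside it now get `check_plain()`. `strip_tags()` removes tags but does not encode `&`, quotes or an unmatched `<`, so that element is only safe in the page title if whatever set the title already escaped it; this is presumably the contract of `drupal_set_title()`, but it should be confirmed. The asymmetry deserves a comment above the `if`, for example `// drupal_get_title() is expected to be escaped already; site_name and site_slogan are raw stored settings and are escaped here.` `template_preprocess_page()` starts and ends outside this hunk, so any other place where it hands `site_name` or `site_slogan` to the template cannot be checked from here and should get the same review.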
