Give the gift of Drupal. All merchandise is 50% off through 2016.
Omega does not properly escape the
site_name variable when it uses it for the
title attributes in the $logo_img and $linked_logo_img template variables.
This means if a site_name has any html code in it, that rendering the logo image in the page could render undesired (eg xss) html codes.
Patch coming below.