Index: modules/node/node.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.pages.inc,v
retrieving revision 1.33
diff -u -r1.33 node.pages.inc
--- modules/node/node.pages.inc	22 Aug 2008 12:38:02 -0000	1.33
+++ modules/node/node.pages.inc	24 Aug 2008 02:43:11 -0000
@@ -11,7 +11,7 @@
  * Menu callback; presents the node editing form, or redirects to delete confirmation.
  */
 function node_page_edit($node) {
-  drupal_set_title($node->title);
+  drupal_set_title(check_plain($node->title));
   return drupal_get_form($node->type . '_node_form', $node);
 }
 
Index: modules/node/node.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.test,v
retrieving revision 1.4
diff -u -r1.4 node.test
--- modules/node/node.test	26 Jun 2008 11:40:07 -0000	1.4
+++ modules/node/node.test	24 Aug 2008 02:46:31 -0000
@@ -372,9 +372,9 @@
       'name' => t('Unauthorized node view'),
       'description' => t('Creates a node of type page and then an unpermissioned user attempts to edit the node, '
                          . 'before tries with an anonymous user. Asserts failure.'
-                         . 'WARNING: This is based on default registered user permissions (no administer nodes).')
-      , 'group' => t('Node'),
-    );
+                         . 'WARNING: This is based on default registered user permissions (no administer nodes).'),
+      'group' => t('Node'),
+    );
   }
 
   function testPageView() {
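Review bot: The escaped value is handed to drupal_set_title() but nothing in the hunk records why, so a later edit to node_page_edit() can easily reintroduce the raw `$node->title`; extend the docblock that opens the hunk with a line such as `* The title is passed through check_plain() because drupal_set_title() expects already-escaped markup.` (the docblock's `/**` line lies above the hunk). If any other callback in this file sets the page title from `$node->title`, it would need the same treatment, but only node_page_edit() is visible here so that is unverified. The second hunk of this commit only reflows the getInfo() description string and needs no change.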
@@ -399,3 +399,38 @@
     node_delete($node->nid);
   }
 }
+
+class NodeTitleXSSTestCase extends DrupalWebTestCase {
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('XSS attacks in node title'),
+      'description' => t('Create a node with dangerous tags in its title, and make sure that they are escaped.'),
+      'group' => t('Node'),
+    );
+  }
+
+  function testNodeTitleXSS() {
+    // Prepare a user to do the stuff.
+    $web_user = $this->drupalCreateUser(array('create page content', 'edit any page content'));
+    $this->drupalLogin($web_user);
+
+    $xss = '';
+
+    $edit = array(
+      'title' => $xss . $this->randomName(),
+    );
+    $this->drupalPost('node/add/page', $edit, t('Preview'));
+    $this->assertNoRaw($xss, t('Harmful tags are escaped when previewing a node.'));
+
+    $node = $this->drupalCreateNode($edit);
+
+    $this->drupalGet('node/' . $node->nid);
+    $this->assertNoRaw($xss, t('Harmful tags are escaped when viewing a node.'));
+
+    $this->drupalGet('node/' . $node->nid . '/edit');
+    $this->assertNoRaw($xss, t('Harmful tags are escaped when editing a node.'));
+  }
+}
\ No newline at end of file
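Review bot: As shown here `$xss` is the empty string, so every `assertNoRaw($xss, …)` in testNodeTitleXSS() passes vacuously and the test cannot detect unescaped output; whether the value was lost in rendering or is genuinely empty, the test should guard against an empty marker, e.g. `$this->assertTrue($xss !== '', t('XSS marker must not be empty.'));` directly after the assignment, with `$xss` holding a non-empty constructed marker that contains angle brackets (placeholder; the real value is not on this page). The three assertions also only prove the raw marker is absent, not that the title survived escaping, so a title that is dropped entirely would pass; pairing each with `$this->assertRaw(check_plain($xss), …)` would distinguish "escaped" from "missing", assuming check_plain() is the escaping the page applies. Ending node.test without a trailing newline, as the `\ No newline at end of file` marker shows, is a minor style point.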