Index: tellafriend.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/tellafriend/tellafriend.module,v
retrieving revision 1.19
diff -u -p -r1.19 tellafriend.module
--- tellafriend.module	26 Aug 2009 16:45:10 -0000	1.19
+++ tellafriend.module	17 Oct 2009 05:56:04 -0000
@@ -284,7 +284,7 @@ function tellafriend_block($op = 'list',
       if (user_access('access tellafriend form')) {  
         //drupal_set_message('option = ' . variable_get('tellafriend_block_style'), 'error');       
       
-        $block['subject'] = variable_get('tellafriend_block_title', t("Spread the world..."));      
+        $block['subject'] = filter_xss_admin(variable_get('tellafriend_block_title', t("Spread the world...")));      
         if (variable_get('tellafriend_block_style', 0) == '0') { //Link       
           $blockContent .= '<ul><li class="leaf">' . l(t(variable_get('tellafriend_block_linklabel', t("Tell a friend..."))), 'tellafriend') . '</li></ul>';
           $block['content'] = $blockContent;