Index: misc/drupal.js
===================================================================
RCS file: /cvs/drupal/drupal/misc/drupal.js,v
retrieving revision 1.41.2.1
diff -u -p -r1.41.2.1 drupal.js
--- misc/drupal.js	6 Feb 2008 12:18:04 -0000	1.41.2.1
+++ misc/drupal.js	27 Feb 2008 19:30:45 -0000
@@ -51,7 +51,8 @@ Drupal.checkPlain = function(str) {
   str = String(str);
   var replace = { '&': '&amp;', '"': '&quot;', '<': '&lt;', '>': '&gt;' };
   for (var character in replace) {
-    str = str.replace(character, replace[character]);
+    var regex = new RegExp(character, 'g');
+    str = str.replace(regex, replace[character]);
   }
   return str;
 };
Index: modules/node/node.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.pages.inc,v
retrieving revision 1.28
diff -u -p -r1.28 node.pages.inc
--- modules/node/node.pages.inc	3 Feb 2008 19:26:10 -0000	1.28
+++ modules/node/node.pages.inc	27 Feb 2008 19:30:45 -0000
@@ -11,7 +11,7 @@
  * Menu callback; presents the node editing form, or redirects to delete confirmation.
  */
 function node_page_edit($node) {
-  drupal_set_title($node->title);
+  drupal_set_title(check_plain($node->title));
   return drupal_get_form($node->type .'_node_form', $node);
 }