17 files changed, 36 insertions, 36 deletions

diff --git a/askbot/skins/default/templates/badge.html b/askbot/skins/default/templates/badge.html
index d1f75617..b2c4ce8b 100644
--- a/askbot/skins/default/templates/badge.html
+++ b/askbot/skins/default/templates/badge.html
@@ -20,7 +20,7 @@
             <div class="user">
                 <ul>
                     <li class="thumb">{{ gravatar(recipient, 32) }}</li>
-                    <li><a href="{{ recipient.get_absolute_url() }}">{{recipient.username}}</a></li>
+                    <li><a href="{{ recipient.get_absolute_url() }}">{{recipient.username|escape}}</a></li>
                     <li>{{ macros.user_score_and_badge_summary(recipient) }}</li>
                 </ul>
             </div>
diff --git a/askbot/skins/default/templates/email/ask_for_signature.html b/askbot/skins/default/templates/email/ask_for_signature.html
index e4449433..cafeee2b 100644
--- a/askbot/skins/default/templates/email/ask_for_signature.html
+++ b/askbot/skins/default/templates/email/ask_for_signature.html
@@ -1,6 +1,6 @@
 {% import "email/macros.html" as macros %}
 <p style="{{ macros.heading_style() }}">
-    {% trans %}{{ username }}, please reply to this message.{% endtrans %}
+    {% trans user=username|escape %}{{ user }}, please reply to this message.{% endtrans %}
 </p>
 <p>
     {% trans %}Your post could not be published, because we could not detect signature in your email.{% endtrans %}<br/>
diff --git a/askbot/skins/default/templates/email/insufficient_rep_to_post_by_email.html b/askbot/skins/default/templates/email/insufficient_rep_to_post_by_email.html
index da4c93ca..284cc1b0 100644
--- a/askbot/skins/default/templates/email/insufficient_rep_to_post_by_email.html
+++ b/askbot/skins/default/templates/email/insufficient_rep_to_post_by_email.html
@@ -6,7 +6,7 @@
     * site_link - html for the link
 #}
 <p style="{{ macros.heading_style() }}">
-    {% trans %}{{ username }}, your question could not be posted by email just yet.{% endtrans %}
+    {% trans user=username|escape %}{{ username }}, your question could not be posted by email just yet.{% endtrans %}
 </p>
 <p>
     {% trans %}To make posts by email, you need to receive about {{min_upvotes}} upvotes.{% endtrans %}<br/>
diff --git a/askbot/skins/default/templates/email/macros.html b/askbot/skins/default/templates/email/macros.html
index 1acbf515..d7817bf9 100644
--- a/askbot/skins/default/templates/email/macros.html
+++ b/askbot/skins/default/templates/email/macros.html
@@ -7,7 +7,7 @@
 %}
     {% spaceless %}
         {{ start_quote(quote_level) }}
-            {% set author = post.author.username %}
+            {% set author = post.author.username|escape %}
             {% if post.post_type == 'question' %}
                 <p>
                     {% if format == 'parent_subthread' %}
diff --git a/askbot/skins/default/templates/feedback.html b/askbot/skins/default/templates/feedback.html
index 85b5d00a..04b9a5b4 100644
--- a/askbot/skins/default/templates/feedback.html
+++ b/askbot/skins/default/templates/feedback.html
@@ -11,7 +11,7 @@
 <form method="post" action="{% url feedback %}" accept-charset="utf-8">{% csrf_token %}
     {% if user.is_authenticated() %}
         <p class="message">
-        {% trans user_name=user.username %}
+        {% trans user_name=user.username|escape %}
         <span class='big strong'>Dear {{user_name}}</span>, we look forward to hearing your feedback. 
         Please type and send us your message below.
         {% endtrans %}
diff --git a/askbot/skins/default/templates/help.html b/askbot/skins/default/templates/help.html
index 7dc58f5d..204fc086 100644
--- a/askbot/skins/default/templates/help.html
+++ b/askbot/skins/default/templates/help.html
@@ -4,7 +4,7 @@
 <h1 class='section-title'>{% trans %}Help{% endtrans %}</h1>
 <p>
     {% if request.user.is_authenticated() %}
-        {% trans username = request.user.username %}Welcome {{username}},{% endtrans %}
+        {% trans username = request.user.username|escape %}Welcome {{username}},{% endtrans %}
     {% else %}
         {% trans %}Welcome,{% endtrans %}
     {% endif %}
diff --git a/askbot/skins/default/templates/macros.html b/askbot/skins/default/templates/macros.html
index 485713aa..3e463c1c 100644
--- a/askbot/skins/default/templates/macros.html
+++ b/askbot/skins/default/templates/macros.html
@@ -10,7 +10,7 @@
     {# follow - boolean; name - object type name; alias - e.g. users name; id - object id #}
     <div 
         class="follow-toggle follow-user-toggle" 
-        id="follow-{{ name }}-{{ id }}"
+        id="follow-{{ name|escape }}-{{ id }}"
     >
         {% if follow %}
         <div class="follow">{% trans %}follow {{alias}}{% endtrans %}</div>
@@ -29,18 +29,18 @@
     <div class="face">
     {{ gravatar(response.user, 48) }}
     </div>
-    <a style="font-size:12px" href="{{ response.user.get_absolute_url() }}">{{ response.user.username }}</a>
+    <a style="font-size:12px" href="{{ response.user.get_absolute_url() }}">{{ response.user.username|escape }}</a>
     <a style="text-decoration:none;" href="{{ response.response_url }}">
          {{ response.response_type }}
          ({{ timeago(response.timestamp) }}):<br/>
          {% if inbox_section != 'flags' %}
-             {{ response.response_snippet }}
+             {{ response.response_snippet|escape }}
          {% endif %}
     </a>
     {% if inbox_section == 'flags' %}
          <a class="re_expand" href="{{ response.response_url }}">
-              <!--div class="re_snippet">{{ response.response_snippet }}</div-->
-              <div class="re_content">{{ response.response_content }}</div>
+              <!--div class="re_snippet">{{ response.response_snippet|escape }}</div-->
+              <div class="re_content">{{ response.response_content|escape }}</div>
          </a>
     {% endif %}
 </div>
@@ -291,14 +291,14 @@ poor design of the data or methods on data objects #}
             class="tag tag-right{% if css_class %} {{ css_class }}{% endif %}"
             {% if is_link %}
             href="{{ search_state.add_tag(tag).full_url() }}"
-            title="{% trans %}see questions tagged '{{ tag }}'{% endtrans %}"
+            title="{% trans tag=tag|escape %}see questions tagged '{{ tag }}'{% endtrans %}"
             {% endif %}
             rel="tag"
             data-tag-name="{{ tag|replace('*', '&#10045;')|escape }}"
         >{% if truncate_long_tag -%}
-            {{ tag|replace('*', '&#10045;')|truncate(17, True) }}
+            {{ tag|replace('*', '&#10045;')|truncate(17, True)|escape }}
         {%- else -%}
-            {{ tag|replace('*', '&#10045;') }}
+            {{ tag|replace('*', '&#10045;')|escape }}
         {%- endif %}</{% if not is_link or tag[-1] == '*' %}span{% else %}a{% endif %}>
         {% if deletable %}
             <div class="delete-icon"
@@ -402,7 +402,7 @@ for the purposes of the AJAX comment editor #}
                     </div>
                     <div class="comment-body">
                         {{comment.html}}
-                        <a class="author" href="{{comment.author.get_profile_url()}}">{{comment.author.username}}</a>
+                        <a class="author" href="{{comment.author.get_profile_url()}}">{{comment.author.username|escape}}</a>
                         <span class="age">&nbsp;({{ timeago(comment.added_at) }})</span>
                         <a id="post-{{comment.id}}-edit"
                             class="edit">{% trans %}edit{% endtrans %}</a>
@@ -546,13 +546,13 @@ answer {% if answer.accepted() %}accepted-answer{% endif %} {% if answer.author_
 
 {%- macro follow_user_toggle(visitor = None, subject = None) -%}
     {% if visitor.is_anonymous() %}
-        {{ follow_toggle(True, 'user', subject.username, subject.id) }}
+        {{ follow_toggle(True, 'user', subject.username|escape, subject.id) }}
     {% else %}
         {% if visitor != subject %}
             {% if visitor.is_following(subject) %}
-                {{ follow_toggle(False, 'user', subject.username, subject.id) }}
+                {{ follow_toggle(False, 'user', subject.username|escape, subject.id) }}
             {% else %}
-                {{ follow_toggle(True, 'user', subject.username, subject.id) }}
+                {{ follow_toggle(True, 'user', subject.username|escape, subject.id) }}
             {% endif %}
         {% endif %}
     {% endif %}
@@ -572,7 +572,7 @@ answer {% if answer.accepted() %}accepted-answer{% endif %} {% if answer.author_
                 endtrans %}"
             title="{% trans 
                     country=user.country.name, 
-                    person=user.username %}{{person}} is from {{country}}{%
+                    person=user.username|escape %}{{person}} is from {{country}}{%
                  endtrans %}"
         />
     {% endif %}
@@ -607,8 +607,8 @@ answer {% if answer.accepted() %}accepted-answer{% endif %} {% if answer.author_
 ><img class="gravatar" 
     width="{{size}}" height="{{size}}"
     src="{{ user.get_avatar_url(size) }}"
-    title="{{user.username}}" 
-    alt="{% trans username=user.username %}{{username}} gravatar image{% endtrans %}" 
+    title="{{user.username|escape}}" 
+    alt="{% trans username=user.username|escape %}{{username}} gravatar image{% endtrans %}" 
 /></a>
 {% endspaceless %}
 {%- endmacro -%}
@@ -708,7 +708,7 @@ answer {% if answer.accepted() %}accepted-answer{% endif %} {% if answer.author_
     {% if user.new_response_count > 0 or user.seen_response_count > 0 %}
     <a id='ab-responses' href="{{user.get_absolute_url()}}?sort=inbox&section=forum">
         <img 
-            alt="{% trans username=user.username %}responses for {{username}}{% endtrans %}"
+            alt="{% trans username=user.username|escape %}responses for {{username}}{% endtrans %}"
             {% if user.new_response_count > 0 %}
                 src="{{ "/images/mail-envelope-full.png"|media }}"
                 title="{% trans response_count=user.new_response_count %}you have {{response_count}} new response{% pluralize %}you have {{response_count}} new responses{% endtrans %}"
diff --git a/askbot/skins/default/templates/reopen.html b/askbot/skins/default/templates/reopen.html
index 894fa3a0..52d926ce 100644
--- a/askbot/skins/default/templates/reopen.html
+++ b/askbot/skins/default/templates/reopen.html
@@ -10,7 +10,7 @@
     </a>
 </p>
 <p>{% trans %}This question has been closed by 
-    <a href="{{closed_by_profile_url}}">{{closed_by_username}}</a>
+    <a href="{{closed_by_profile_url}}">{{closed_by_username|escape}}</a>
 {% endtrans %}
 </p>
 <p>
diff --git a/askbot/skins/default/templates/user_profile/user.html b/askbot/skins/default/templates/user_profile/user.html
index fb40b206..2f06a3c9 100644
--- a/askbot/skins/default/templates/user_profile/user.html
+++ b/askbot/skins/default/templates/user_profile/user.html
@@ -9,7 +9,7 @@
 {% block content %}
     <h1 class="section-title">
         {% spaceless %}
-        {% trans username=view_user.username %}{{username}}'s profile{% endtrans %} - {% block profilesection %}{% endblock %}
+        {% trans username=view_user.username|escape %}{{username}}'s profile{% endtrans %} - {% block profilesection %}{% endblock %}
         {% endspaceless %}
     </h1>
     {% include "user_profile/user_tabs.html" %}
@@ -21,7 +21,7 @@
 {% block endjs %}
     <script type="text/javascript">
         var viewUserID = {{view_user.id}};
-        askbot['data']['viewUserName'] = '{{ view_user.username }}';
+        askbot['data']['viewUserName'] = '{{ view_user.username|escape }}';
         askbot['data']['viewUserId'] = {{view_user.id}};
         askbot['urls']['edit_group_membership'] = '{% url edit_group_membership %}';
         askbot['urls']['get_groups_list'] = '{% url get_groups_list %}';
diff --git a/askbot/skins/default/templates/user_profile/user_edit.html b/askbot/skins/default/templates/user_profile/user_edit.html
index 88a21e9f..c95bf815 100644
--- a/askbot/skins/default/templates/user_profile/user_edit.html
+++ b/askbot/skins/default/templates/user_profile/user_edit.html
@@ -4,7 +4,7 @@
 {% block title %}{% spaceless %}{% trans %}Edit user profile{% endtrans %}{% endspaceless %}{% endblock %}
 {% block content %}
 <h1 class="section-title">
-    {{ request.user.username }} - {% trans %}edit profile{% endtrans %}
+    {{ request.user.username|escape }} - {% trans %}edit profile{% endtrans %}
 </h1>
 <div id="main-body" style="width:100%;padding-top:10px">
     <form name="" action="{% url edit_user request.user.id %}" method="post">{% csrf_token %}
@@ -42,7 +42,7 @@
                     {{ form.username }}
                     <span class="form-error"> {{ form.username.errors }} </span></td>
                 {% else %}
-                    {{ view_user.username }}
+                    {{ view_user.username|escape }}
                 {% endif %}
                 </td>
                 </tr>
diff --git a/askbot/skins/default/templates/user_profile/user_moderate.html b/askbot/skins/default/templates/user_profile/user_moderate.html
index 347ec3af..a7f05b1c 100644
--- a/askbot/skins/default/templates/user_profile/user_moderate.html
+++ b/askbot/skins/default/templates/user_profile/user_moderate.html
@@ -5,7 +5,7 @@
 {% endblock %}
 {% block usercontent %}
 {% if request.user != view_user %}
-    <h3>{% trans username=view_user.username, status=view_user.get_status_display() %}{{username}}'s current status is "{{status}}"{% endtrans %}
+    <h3>{% trans username=view_user.username|escape, status=view_user.get_status_display() %}{{username}}'s current status is "{{status}}"{% endtrans %}
     </h3>
     {% if user_status_changed %}
         <p class="action-status"><span>{% trans %}User status changed{% endtrans %}</span></p>
@@ -40,7 +40,7 @@
 </form>
 {% if request.user != view_user %}
 <hr/>
-<h3>{% trans username=view_user.username %}Send message to {{username}}{% endtrans %}</h3>
+<h3>{% trans username=view_user.username|escape %}Send message to {{username}}{% endtrans %}</h3>
 <p>{% trans %}An email will be sent to the user with 'reply-to' field set to your email address. Please make sure that your address is entered correctly.{% endtrans %}</p>
     {% if message_sent %}
         <p class="action-status"><span>{% trans %}Message sent{% endtrans %}</span></p>
diff --git a/askbot/skins/default/templates/user_profile/user_network.html b/askbot/skins/default/templates/user_profile/user_network.html
index e6134e0c..f64d95b0 100644
--- a/askbot/skins/default/templates/user_profile/user_network.html
+++ b/askbot/skins/default/templates/user_profile/user_network.html
@@ -32,7 +32,7 @@
         {% if request.user == view_user %}
             <p>{% trans %}Your network is empty. Would you like to follow someone? - Just visit their profiles and click "follow"{% endtrans %}</p>
         {% else %}
-            <p>{% trans username = view_user.username %}{{username}}'s network is empty{% endtrans %}</p>
+            <p>{% trans username = view_user.username|escape %}{{username}}'s network is empty{% endtrans %}</p>
         {% endif %}
     {% endif %}
 {% endblock %}
diff --git a/askbot/skins/default/templates/user_profile/user_reputation.html b/askbot/skins/default/templates/user_profile/user_reputation.html
index 1bb9b1ba..1cdf014a 100644
--- a/askbot/skins/default/templates/user_profile/user_reputation.html
+++ b/askbot/skins/default/templates/user_profile/user_reputation.html
@@ -11,7 +11,7 @@
                 {% if view_user.id == user.id %}
                 <h2>{% trans %}Your karma change log.{% endtrans %}</h2>
                 {% else %}
-                <h2>{% trans user_name=view_user.username %}{{user_name}}'s karma change log{% endtrans %}</h2>
+                <h2>{% trans user_name=view_user.username|escape %}{{user_name}}'s karma change log{% endtrans %}</h2>
                 {% endif %}
                 {% for rep in reputation %}
                 <p>
diff --git a/askbot/skins/default/templates/user_profile/user_stats.html b/askbot/skins/default/templates/user_profile/user_stats.html
index 5e0e7426..2ccc277f 100644
--- a/askbot/skins/default/templates/user_profile/user_stats.html
+++ b/askbot/skins/default/templates/user_profile/user_stats.html
@@ -10,7 +10,7 @@
     {% if settings.GROUPS_ENABLED %}
     <div id="user-groups">
         <h2>{% trans 
-                username = view_user.username
+                username = view_user.username|escape
             %}{{username}}'s groups{% endtrans %}
         </h2>
         <table id="groups-list">
@@ -146,7 +146,7 @@
                                     <a
                                         title="{{ award.content_object.get_snippet()|collapse }}"
                                         href="{{ award.content_object.get_absolute_url() }}"
-                                    >{% if award.content_type.post_type == 'answer' %}{% trans %}Answer to:{% endtrans %}{% endif %} {{ award.content_object.thread.title }}</a>
+                                    >{% if award.content_type.post_type == 'answer' %}{% trans %}Answer to:{% endtrans %}{% endif %} {{ award.content_object.thread.title|escape }}</a>
                                 </li>
                                 {% endif %}
                             {% endfor %}
diff --git a/askbot/skins/default/templates/widgets/question_summary.html b/askbot/skins/default/templates/widgets/question_summary.html
index c6e7bc5d..5fd51e08 100644
--- a/askbot/skins/default/templates/widgets/question_summary.html
+++ b/askbot/skins/default/templates/widgets/question_summary.html
@@ -46,7 +46,7 @@
             {% if question.is_anonymous %}
                 <span class="anonymous">{{ thread.last_activity_by.get_anonymous_name() }}</span>
             {% else %}
-                <a href="{% url user_profile thread.last_activity_by.id, thread.last_activity_by.username|slugify %}">{{thread.last_activity_by.username}}</a> {{ user_country_flag(thread.last_activity_by) }}
+                <a href="{% url user_profile thread.last_activity_by.id, thread.last_activity_by.username|slugify %}">{{thread.last_activity_by.username|escape}}</a> {{ user_country_flag(thread.last_activity_by) }}
                 {#{user_score_and_badge_summary(thread.last_activity_by)}#}
             {% endif %}
         </div>
diff --git a/askbot/skins/default/templates/widgets/user_list.html b/askbot/skins/default/templates/widgets/user_list.html
index 11f2ed50..e51abc5b 100644
--- a/askbot/skins/default/templates/widgets/user_list.html
+++ b/askbot/skins/default/templates/widgets/user_list.html
@@ -7,7 +7,7 @@
                 <div class="user">
                     <ul>
                             <li class="thumb">{{ gravatar(user, 32) }}</li>
-                            <li><a href="{% url user_profile user.id, user.username|slugify %}{% if profile_section %}?sort={{profile_section}}{% endif %}">{{user.username}}</a>{{ user_country_flag(user) }}</li>
+                            <li><a href="{% url user_profile user.id, user.username|slugify %}{% if profile_section %}?sort={{profile_section}}{% endif %}">{{user.username|escape}}</a>{{ user_country_flag(user) }}</li>
                             <li>{{ 
                                     user_score_and_badge_summary(
                                         user, 
diff --git a/askbot/skins/default/templates/widgets/user_navigation.html b/askbot/skins/default/templates/widgets/user_navigation.html
index eec7e628..717cd7ee 100644
--- a/askbot/skins/default/templates/widgets/user_navigation.html
+++ b/askbot/skins/default/templates/widgets/user_navigation.html
@@ -1,5 +1,5 @@
 {%- if request.user.is_authenticated() -%}
-    <a href="{{ request.user.get_absolute_url() }}">{{ request.user.username }}</a> 
+    <a href="{{ request.user.get_absolute_url() }}">{{ request.user.username|escape }}</a> 
     <span class="user-info">
     {{ macros.inbox_link(request.user) }}
     {{ macros.moderation_items_link(request.user, moderation_items) }}