diff --git a/includes/dublin_core.inc b/includes/dublin_core.inc
index ec058181..ecfcc7b1 100644
--- a/includes/dublin_core.inc
+++ b/includes/dublin_core.inc
@@ -131,7 +131,7 @@ class DublinCore {
$dc_label = explode(':', $field);
$element_label = drupal_ucfirst($dc_label[1]);
$dc_array[$field]['label'] = $element_label;
- $dc_array[$field]['value'] = $value;
+ $dc_array[$field]['value'] = filter_xss($value);
$dc_array[$field]['class'] = drupal_strtolower(preg_replace('/[^A-Za-z0-9]/', '-', $field));
$dc_array[$field]['dcterms'] = preg_replace('/^dc/', 'dcterms', $field);
}
@@ -140,7 +140,6 @@ class DublinCore {
return $dc_array;
}
-
/**
* Creates a new instance of the class by parsing dc_xml.
*
diff --git a/theme/islandora-dublin-core-display.tpl.php b/theme/islandora-dublin-core-display.tpl.php
index da67de18..2c2a02ee 100644
--- a/theme/islandora-dublin-core-display.tpl.php
+++ b/theme/islandora-dublin-core-display.tpl.php
@@ -20,11 +20,11 @@
$value): ?>
- -
-
+
-
+
-
-
+
diff --git a/theme/theme.inc b/theme/theme.inc
index 8ffffc4f..6a80fbb6 100644
--- a/theme/theme.inc
+++ b/theme/theme.inc
@@ -39,7 +39,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
);
$row[] = array(
'class' => 'datastream-label',
- 'data' => $ds->label,
+ 'data' => filter_xss($ds->label),
);
$row[] = array(
'class' => 'datastream-control',
@@ -47,7 +47,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
);
$row[] = array(
'class' => 'datastream-mime',
- 'data' => $ds->mimeType,
+ 'data' => filter_xss($ds->mimeType),
);
$row[] = array(
'class' => 'datastream-size',
@@ -81,7 +81,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
);
$rows[] = $row;
}
- $caption = $islandora_object->label . ' - ' . $islandora_object->id;
+ $caption = filter_xss($islandora_object->label) . ' - ' . $islandora_object->id;
$table = array(
'colgroups' => NULL,
'sticky' => TRUE,