Posted by Joe Oldak on

Hi all,

I recently received a report of a cross-site scripting vulnerability in Voice, whereby crafting a special URL could result in arbitrary JavaScript code being executed on the page.

I have now fixed this.

I'm mentioning it because you may notice that page titles now show a bit differently (in fact more correctly) in cases where you have unusual characters like & and < and " in the title.

In particular, if you had HTML in a page title (e.g., because you wanted to make it bold or coloured) then it will no longer work as HTML - it'll just display it on the page.

If this causes trouble please get in touch and we can work out an alternative way to achieve what you want.

Thanks

Joe