lib/breadcrumbs/render/inline.rb in breadcrumbs-0.1.0 vs lib/breadcrumbs/render/inline.rb in breadcrumbs-0.1.1

@@ -27,9 +27,11 @@
         css << "item-#{i}"
 
         options[:class] << " #{css.join(" ")}"
         options[:class].gsub!(/^ *(.*?)$/, '\\1')
 
+        text = CGI.escapeHTML(text)
+
         if url
           text = tag(:a, text, options.merge(:href => url))
         else
           text = tag(:span, text, options)
         end