Index: lams_central/web/forgotPasswordProc.jsp
===================================================================
diff -u -racc8d2acf5b6b0002e0c8129947040a779ab4077 -rabff8dcc2af4d1607d0306af02edb795fe62d13b
--- lams_central/web/forgotPasswordProc.jsp (.../forgotPasswordProc.jsp) (revision acc8d2acf5b6b0002e0c8129947040a779ab4077)
+++ lams_central/web/forgotPasswordProc.jsp (.../forgotPasswordProc.jsp) (revision abff8dcc2af4d1607d0306af02edb795fe62d13b)
@@ -1,5 +1,6 @@
 <%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
 <%@page import="org.apache.struts.action.ActionMessages" %>
+<%@page import="org.apache.commons.lang.StringEscapeUtils" %>
 <%@page import="org.lamsfoundation.lams.web.ForgotPasswordServlet" %>
 <%@page import="org.lamsfoundation.lams.util.MessageService" %>
 <%@page import="org.springframework.web.context.WebApplicationContext" %>
@@ -13,7 +14,7 @@
 <%@ taglib uri="tags-lams" prefix="lams" %>
 <%
-String languageKey = request.getParameter("languageKey");
+String languageKey = StringEscapeUtils.escapeHtml(request.getParameter("languageKey"));
 String stateStr = request.getParameter("state");
 String emailStr = request.getParameter("emailSent");
 %>
@@ -62,8 +63,8 @@
 <% } %>
-
-
+
+
 <% if (emailStr!=null && !emailStr.equals("")) {
@@ -81,4 +82,4 @@
-
\ No newline at end of file
+
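Review bot: `stateStr` and `emailStr`, read from the request on the two lines directly after the escaped `languageKey` in the second hunk, are still taken raw; the page body that consumes them lies outside the hunk, so if either is ever written to the response it needs the same encoding, preferably where it is output rather than where it is read. Escaping `languageKey` at read time also means any later use as a lookup key sees the escaped text, and commons-lang `escapeHtml` does not encode the apostrophe, so the call is only sufficient if the value ends up in HTML body text or a double-quoted attribute. Given the name, the value is presumably a message key, in which case checking it against a pattern such as `[A-Za-z0-9._]+` before use would be tighter than escaping. A comment above the assignment, e.g. `// request parameter, attacker-controlled: HTML-escaped because it is rendered into the page`, would record why the call is there.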