Index: lams_central/web/forgotPasswordProc.jsp =================================================================== RCS file: /usr/local/cvsroot/lams_central/web/forgotPasswordProc.jsp,v diff -u -r1.5 -r1.6 --- lams_central/web/forgotPasswordProc.jsp 2 Jul 2009 08:19:14 -0000 1.5 +++ lams_central/web/forgotPasswordProc.jsp 25 Apr 2014 07:20:44 -0000 1.6 @@ -1,5 +1,6 @@ <%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> <%@page import="org.apache.struts.action.ActionMessages" %> +<%@page import="org.apache.commons.lang.StringEscapeUtils" %> <%@page import="org.lamsfoundation.lams.web.ForgotPasswordServlet" %> <%@page import="org.lamsfoundation.lams.util.MessageService" %> <%@page import="org.springframework.web.context.WebApplicationContext" %> @@ -13,7 +14,7 @@ <%@ taglib uri="tags-lams" prefix="lams" %> <% -String languageKey = request.getParameter("languageKey"); +String languageKey = StringEscapeUtils.escapeHtml(request.getParameter("languageKey")); String stateStr = request.getParameter("state"); String emailStr = request.getParameter("emailSent"); %> @@ -62,8 +63,8 @@ <% } %> - - + + <% if (emailStr!=null && !emailStr.equals("")) { @@ -81,4 +82,4 @@ - \ No newline at end of file +
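Review bot: In the scriptlet patched by the second hunk only `languageKey` is escaped; `stateStr` and `emailStr` are still read raw from `request.getParameter`, so any point further down the page that writes them into the response (not visible in this hunk) remains a reflected-XSS sink and needs the same treatment, or output through an encoding tag such as JSTL `<c:out>`. Escaping at read time also ties `languageKey` to a single output context: commons-lang 2.x `escapeHtml` does not encode the apostrophe, so the value is not safe inside a single-quoted attribute or a script block, and if it is also used as a message-bundle key the lookup now receives the encoded form. Because the parameter looks like a key rather than free text, validating it on input is the stricter control, for example `if (languageKey != null && !languageKey.matches("[A-Za-z0-9._-]+")) languageKey = null;` with the pattern adjusted to the real key format and provided the code below tolerates a missing key, while encoding is applied where the value is printed. The scriptlet's consumers sit outside the hunk, and the changed lines of the third hunk are empty in this view, so the actual output sites should be checked in the full file.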