diff -up arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer arora-0.11.0/src/network/networkaccessmanager.cpp
--- arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer	2010-09-27 04:42:17.000000000 +0200
+++ arora-0.11.0/src/network/networkaccessmanager.cpp	2011-10-20 16:22:39.119469071 +0200
@@ -249,12 +249,35 @@ void NetworkAccessManager::proxyAuthenti
     }
 }
 
+// TODO (QT5): use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
+// ends up with.
+// original author: David Faure
+static QString htmlEscape(const QString &plain)
+{
+    QString rich;
+    rich.reserve(int(plain.length() * 1.1));
+        for (int i = 0; i < plain.length(); ++i) {
+        if (plain.at(i) == QLatin1Char('<'))
+            rich += QLatin1String("&lt;");
+        else if (plain.at(i) == QLatin1Char('>'))
+            rich += QLatin1String("&gt;");
+        else if (plain.at(i) == QLatin1Char('&'))
+            rich += QLatin1String("&amp;");
+        else if (plain.at(i) == QLatin1Char('"'))
+            rich += QLatin1String("&quot;");
+        else
+            rich += plain.at(i);
+    }
+    rich.squeeze();
+    return rich;
+}
+
 #ifndef QT_NO_OPENSSL
 QString NetworkAccessManager::certToFormattedString(QSslCertificate cert)
 {
     QStringList message;
     message << cert.subjectInfo(QSslCertificate::CommonName);
-    message << tr("Issuer: %1").arg(cert.issuerInfo(QSslCertificate::CommonName));
+    message << tr("Issuer: %1").arg(htmlEscape(cert.issuerInfo(QSslCertificate::CommonName)));
     message << tr("Not valid before: %1").arg(cert.effectiveDate().toString());
     message << tr("Valid until: %1").arg(cert.expiryDate().toString());