diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml
index e94d4180b..a2dc603dd 100644
--- a/app/views/issues/_sidebar.rhtml
+++ b/app/views/issues/_sidebar.rhtml
@@ -9,6 +9,6 @@
 <h3><%= l(:label_query_plural) %></h3>
 
 <% sidebar_queries.each do |query| -%>
-<%= link_to query.name, :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query %><br />
+<%= link_to(h(query.name), :controller => 'issues', :action => 'index', :project_id => @project, :query_id => query) %><br />
 <% end -%>
 <% end -%>
diff --git a/app/views/wiki/annotate.rhtml b/app/views/wiki/annotate.rhtml
index 1c683404b..c27451606 100644
--- a/app/views/wiki/annotate.rhtml
+++ b/app/views/wiki/annotate.rhtml
@@ -20,7 +20,7 @@
     <th class="line-num"><%= line_num %></th>
     <td class="revision"><%= link_to line[0], :controller => 'wiki', :action => 'index', :id => @project, :page => @page.title, :version => line[0] %></td>
     <td class="author"><%= h(line[1]) %></td>
-    <td class="line-code"><pre><%= line[2] %></pre></td>
+    <td class="line-code"><pre><%=h line[2] %></pre></td>
 </tr>
 <% line_num += 1 %>
 <% end -%>