diff -r 0a74676a2f2f -r 68469a95658d plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/plugins/SpecialUserPrefs.php	Wed Jul 25 18:06:34 2007 -0400
@@ -399,7 +399,7 @@
         echo '<div class="info-box" style="margin: 0 0 10px 0;">Your signature has been saved.</div>';
       }
       echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
-      echo $template->tinymce_textarea('new_sig', $session->signature);
+      echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
       echo '<input type="submit" value="Save signature" />';
       echo '</form>';
       break;