is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.