diff --git a/app/controllers/my_profile/manage_products_controller.rb b/app/controllers/my_profile/manage_products_controller.rb
index b78196f..8f39f6f 100644
--- a/app/controllers/my_profile/manage_products_controller.rb
+++ b/app/controllers/my_profile/manage_products_controller.rb
@@ -207,7 +207,7 @@ class ManageProductsController < ApplicationController
 }.to_json
 else
 render :text => {:ok => false,
- :error_msg => _(cost.errors['name']) % {:fn => _('Name')}
+ :error_msg => _(cost.errors['name'].join('\n')) % {:fn => _('Name')}
 }.to_json
 end
 end
diff --git a/app/helpers/manage_products_helper.rb b/app/helpers/manage_products_helper.rb
index 1bc51d2..ac82d86 100644
--- a/app/helpers/manage_products_helper.rb
+++ b/app/helpers/manage_products_helper.rb
@@ -163,7 +163,7 @@ module ManageProductsHelper
 def cancel_edit_product_link(product, field, html_options = {})
 return '' unless (user && user.has_permission?('manage_products', profile))
 button_to_function(:cancel, _('Cancel'), nil, html_options) do |page|
- page.replace_html "product-#{field}", :partial => "display_#{field}", :locals => {:product => product}
+ page.replace_html "product-#{field}", CGI::escapeHTML(render :partial => "display_#{field}", :locals => {:product => product})
 end
 end
diff --git a/app/models/product.rb b/app/models/product.rb
index 337943d..5a69734 100644
--- a/app/models/product.rb
+++ b/app/models/product.rb
@@ -11,7 +11,7 @@ class Product < ActiveRecord::Base
 SEARCH_DISPLAYS = %w[map full]
- attr_accessible :name, :product_category, :highlighted, :price, :enterprise
+ attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description
 def self.default_search_display
 'full'
--
libgit2 0.21.2
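Review bot: In the `manage_products_controller.rb` hunk the join separator `'\n'` is single-quoted, so Ruby joins the messages with a literal backslash followed by `n` rather than a line break, and `to_json` will pass those two characters through to the client as visible text. The joined string is also handed to `_()` as a single msgid, which can only match a catalogue entry when there is exactly one error, and the `%` formatting is applied to the whole joined string at once. Translating and formatting each message before joining avoids both: `:error_msg => cost.errors['name'].map { |m| _(m) % {:fn => _('Name')} }.join("\n")`. The enclosing method starts and ends outside the hunk.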
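Review bot: In the `manage_products_helper.rb` hunk, `CGI::escapeHTML` is applied to the entire rendered partial inside `cancel_edit_product_link` with no comment saying which output context it encodes for. That is only correct if the generated JavaScript ends up inside an HTML attribute such as `onclick`, where the browser decodes entities before running it; if the script is ever executed directly, the partial's markup would be inserted as literal text. A comment such as `# escaped because button_to_function inlines this JS in an HTML attribute` (if that is indeed the reason) would keep a later refactor from removing or doubling the encoding. Separately, `field` is interpolated into the partial name `"display_#{field}"`; callers are outside this hunk, so if any of them can pass a request-derived value it should be checked against a fixed list of known field names before `render` is called.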
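Review bot: In the `product.rb` hunk, `:image_builder` and `:description` are added to the mass-assignment allowlist with no comment on which forms need them, and nothing in the hunk shows how the values are validated. Once `:description` is accepted from request parameters it is presumably free-form user text, so it needs sanitizing on write or escaping wherever it is rendered, and `:image_builder` presumably lets any mass-assigning action attach an upload, so those actions need the same permission check as the edit form. The same line already exposes `:enterprise` and `:highlighted`; it is worth confirming that controllers which pass request params to `Product.new` or `update_attributes` cannot be used to move a product to another enterprise or self-highlight it. A short comment above `attr_accessible` naming the controller actions that rely on each attribute would make later widening of this list easier to review. The class body continues outside the hunk.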