diff --git a/app/helpers/content_viewer_helper.rb b/app/helpers/content_viewer_helper.rb
index 486b2ea..8fc4960 100644
--- a/app/helpers/content_viewer_helper.rb
+++ b/app/helpers/content_viewer_helper.rb
@@ -30,10 +30,6 @@ module ContentViewerHelper
     link_to( number_of_comments(article), article.url.merge(:anchor => 'comments_list') )
   end
 
-  def image_label(image)
-    image.title.first(40) + (image.title.size > 40 ? '…' : '')
-  end
-
   def article_translations(article)
     unless article.native_translation.translations.empty?
       links = (article.native_translation.translations + [article.native_translation]).map do |translation|
diff --git a/app/models/uploaded_file.rb b/app/models/uploaded_file.rb
index ef23258..029929b 100644
--- a/app/models/uploaded_file.rb
+++ b/app/models/uploaded_file.rb
@@ -9,6 +9,8 @@ class UploadedFile < Article
   include ShortFilename
 
   settings_items :title, :type => 'string'
+  xss_terminate :only => [ :title ]
+
   def title_with_default
     title_without_default || short_filename(name, 60)
   end
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 52c6b05..5aa1cc2 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -875,17 +875,24 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     assert_no_tag :tag => 'a', :content => 'Upload files', :attributes => {:href => /parent_id=#{b.id}/}
   end
 
-  should 'show only first 40 chars of abstract in image gallery' do
+  should 'display title of image on image gallery' do
     login_as(profile.identifier)
-    folder = Gallery.create!(:name => 'gallery', :profile => profile)
-    file = UploadedFile.create!(:profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
+    folder = fast_create(Gallery, :profile_id => profile.id)
+    file = UploadedFile.create!(:title => 'my img title', :profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
+
+    get :view_page, :profile => profile.identifier, :page => folder.explode_path
 
-    file.abstract = 'a long abstract bigger then 40 chars for testing'
-    file.save!
+    assert_tag :tag => 'li', :attributes => {:title => 'my img title', :class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'my img title'}
+  end
+
+  should 'not allow html on title of the images' do
+    login_as(profile.identifier)
+    folder = fast_create(Gallery, :profile_id => profile.id)
+    file = UploadedFile.create!(:title => '<b>my img title</b>', :profile => profile, :parent => folder, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
 
     get :view_page, :profile => profile.identifier, :page => folder.explode_path
 
-    assert_tag :tag => 'li', :attributes => {:class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'a long abstract bigger then 40 chars for…'}
+    assert_tag :tag => 'li', :attributes => {:title => 'my img title', :class => 'image-gallery-item'}, :child => {:tag => 'span', :content => 'my img title'}
   end
 
   should 'allow publisher owner view private articles' do
diff --git a/test/integration/gallery_test.rb b/test/integration/gallery_test.rb
deleted file mode 100644
index b575eea..0000000
--- a/test/integration/gallery_test.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class GalleryTest < ActionController::IntegrationTest
-
-  def setup
-    p = create_user('test_user').person
-    g = fast_create(Gallery, :profile_id => p.id, :path => 'pics')
-    image = UploadedFile.create!(
-      :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'),
-      :parent => g,
-      :profile => p,
-      :title => 'my img1 title',
-      :abstract => 'my img1 <b>long description</b>'
-    )
-    image = UploadedFile.create!(
-      :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'),
-      :parent => g,
-      :profile => p,
-      :title => '<b must scape title>',
-      :abstract => 'that is my picture description'
-    )
-    get '/test_user/pics'
-  end
-
-  should 'display the title of the images when listing' do
-    assert_tag :tag => 'li',  :attributes => { :title => 'my img1 title' }
-    assert_select '.image-gallery-item span', 'my img1 title'
-    assert_no_match(/my img1 <b>long description/, @response.body)
-  end
-
-  should 'scape the title of the images' do
-    assert_select '.image-gallery-item:first-child span',
-                  '&lt;b must scape title&gt;'
-  end
-
-end
--
libgit2 0.21.2