diff --git a/app/helpers/block_helper.rb b/app/helpers/block_helper.rb
index 8fbe47f..b416253 100644
--- a/app/helpers/block_helper.rb
+++ b/app/helpers/block_helper.rb
@@ -3,7 +3,7 @@ module BlockHelper
 def block_title(title)
 tag_class = 'block-title'
 tag_class += ' empty' if title.empty?
- content_tag 'h3', content_tag('span', title), :class => tag_class
+ content_tag 'h3', content_tag('span', h(title)), :class => tag_class
 end
 end
diff --git a/test/unit/block_helper_test.rb b/test/unit/block_helper_test.rb
new file mode 100644
index 0000000..4dfb152
--- /dev/null
+++ b/test/unit/block_helper_test.rb
@@ -0,0 +1,13 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class BlogHelperTest < ActiveSupport::TestCase
+
+ include BlockHelper
+ include ActionView::Helpers::TagHelper
+
+ should 'escape title html' do
+ assert_no_match //, block_title('test')
+ assert_match /<b>test<\/b>/, block_title('test')
+ end
+
+end
-- libgit2 0.21.2
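Review bot: The new `h(title)` on the added line escapes the span content, but the `title.empty?` check two lines above it is unchanged and still raises NoMethodError when a caller passes nil, so the escape never runs for that case; if nil titles are possible (not visible from this hunk), normalizing first with `title = title.to_s` above the `empty?` line covers both the class computation and the escape. A short why-comment on the added line would keep the escaping from being dropped in a later cleanup, e.g. `# escape: title may carry caller-supplied markup`. The enclosing `module BlockHelper` starts before this hunk, and the old-side count in the hunk header (7) is one more than the lines visible here, so a blank context line may have been lost in the paste.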
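Review bot: As rendered here the first assertion is `assert_no_match //, block_title('test')`, and an empty regex matches every string, so that assertion can never pass; the markup in the regex literal and in the `block_title` argument appears to have been stripped in the paste, since a test named `escape title html` only makes sense with an input that contains a tag. The test should feed markup and pin the escaped output, e.g. `title = '<b>test</b>'`, `assert_no_match /<b>/, block_title(title)` and `assert_match /&lt;b&gt;test&lt;\/b&gt;/, block_title(title)`. The class is named `BlogHelperTest` in `block_helper_test.rb`; `BlockHelperTest` matches the file and the helper under test.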