escape HTML in rich tooltips
diff --git a/modeling/plugins/org.eclipse.pde.emfforms/META-INF/MANIFEST.MF b/modeling/plugins/org.eclipse.pde.emfforms/META-INF/MANIFEST.MF
index b6f8ec2..03521d7 100644
--- a/modeling/plugins/org.eclipse.pde.emfforms/META-INF/MANIFEST.MF
+++ b/modeling/plugins/org.eclipse.pde.emfforms/META-INF/MANIFEST.MF
@@ -29,5 +29,6 @@
  org.eclipse.pde.emfforms.internal;x-internal:=true,
  org.eclipse.pde.emfforms.internal.editor;x-internal:=true,
  org.eclipse.pde.emfforms.internal.validation;x-internal:=true
-Import-Package: org.eclipse.core.resources
+Import-Package: org.apache.commons.lang;version="2.4.0",
+ org.eclipse.core.resources
 Service-Component: OSGI-INF/*.xml
diff --git a/modeling/plugins/org.eclipse.pde.emfforms/src/org/eclipse/pde/emfforms/internal/validation/RichTooltipHyperlinkAdapter.java b/modeling/plugins/org.eclipse.pde.emfforms/src/org/eclipse/pde/emfforms/internal/validation/RichTooltipHyperlinkAdapter.java
index 0196eac..c6bcb6c 100644
--- a/modeling/plugins/org.eclipse.pde.emfforms/src/org/eclipse/pde/emfforms/internal/validation/RichTooltipHyperlinkAdapter.java
+++ b/modeling/plugins/org.eclipse.pde.emfforms/src/org/eclipse/pde/emfforms/internal/validation/RichTooltipHyperlinkAdapter.java
@@ -8,15 +8,16 @@
  * Contributors:
  *     Anyware Technologies - initial API and implementation
  *
- * $Id: RichTooltipHyperlinkAdapter.java,v 1.2 2009/09/13 21:28:29 bcabe Exp $
+ * $Id: RichTooltipHyperlinkAdapter.java,v 1.3 2009/10/23 16:14:22 bcabe Exp $
  */
 package org.eclipse.pde.emfforms.internal.validation;
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.util.*;
-import java.util.List;
 import java.util.Map.Entry;
+import java.util.List;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.eclipse.jface.dialogs.IMessageProvider;
 import org.eclipse.jface.layout.GridDataFactory;
 import org.eclipse.jface.layout.GridLayoutFactory;
@@ -143,11 +144,9 @@
 					pw.print("\"> <a href=\"");
 					pw.print(message.hashCode() + "");
 					pw.print("\">");
-					//FIXME prefix should be HTML escaped
 					if (message.getPrefix() != null)
-						pw.print(message.getPrefix());
-					//FIXME message should be HTML escaped
-					pw.print(message.getMessage());
+						pw.print(StringEscapeUtils.escapeHtml(message.getPrefix()));
+					pw.print(StringEscapeUtils.escapeHtml(message.getMessage()));
 					pw.println("</a></li>");
 				}
 			}