diff --git a/app/views/attachments/_links.rhtml b/app/views/attachments/_links.rhtml
index 19ab673..4f4e2d1 100644
--- a/app/views/attachments/_links.rhtml
+++ b/app/views/attachments/_links.rhtml
@@ -11,7 +11,7 @@
                                          :title => l(:button_delete) %>
   <% end %>
   <% if options[:author] %>
-    <span class="author"><%= attachment.author %>, <%= format_time(attachment.created_on) %></span>
+    <span class="author"><%= h(attachment.author) %>, <%= format_time(attachment.created_on) %></span>
   <% end %>
   </p>
 <% end %>