diff --git a/ChangeLog b/ChangeLog
index 2ea84ada..01c594cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-07-04  Alex Schroeder  <alex@gnu.org>
+
+	* wiki.pl (GetHtmlHeader): Don't allow double quotes in the css
+	parameter because it allows javascript injection as described by
+	Pierre Gaston -- he added "><script>...</script><meta" to a public
+	link and tricked users into clicking it.
+
 2005-07-01  Alex Schroeder  <alex@gnu.org>
 
 	* wiki.pl (TimeToW3): Bugfix.