escape display name in title attributes

templates/members-grid.php

@@ -19,7 +19,7 @@
 		?>
 
 		<div class="um-member-cover" data-ratio="<?php echo um_get_option('profile_cover_ratio'); ?>">
-			<div class="um-member-cover-e"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo um_user('display_name'); ?>"><?php echo um_user('cover_photo', $cover_size); ?></a></div>
+			<div class="um-member-cover-e"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo esc_attr(um_user('display_name')); ?>"><?php echo um_user('cover_photo', $cover_size); ?></a></div>
 		</div>
 
 		<?php } ?>
@@ -28,13 +28,13 @@
 			$default_size = str_replace( 'px', '', um_get_option('profile_photosize') );
 			$corner = um_get_option('profile_photocorner');
 		?>
-		<div class="um-member-photo radius-<?php echo $corner; ?>"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo um_user('display_name'); ?>"><?php echo get_avatar( um_user('ID'), $default_size ); ?></a></div>
+		<div class="um-member-photo radius-<?php echo $corner; ?>"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo esc_attr(um_user('display_name')); ?>"><?php echo get_avatar( um_user('ID'), $default_size ); ?></a></div>
 		<?php } ?>
 					
 					<div class="um-member-card <?php if (!$profile_photo) { echo 'no-photo'; } ?>">
 						
 						<?php if ( $show_name ) { ?>
-						<div class="um-member-name"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo um_user('display_name'); ?>"><?php echo um_user('display_name', 'html'); ?></a></div>
+						<div class="um-member-name"><a href="<?php echo um_user_profile_url(); ?>" title="<?php echo esc_attr(um_user('display_name')); ?>"><?php echo um_user('display_name', 'html'); ?></a></div>
 						<?php } ?>
 						
 						<?php do_action('um_members_just_after_name', um_user('ID'), $args); ?>
@@ -109,4 +109,4 @@
 
 	<div class="um-clear"></div>
 
-</div>
+</div>