<script language="JavaScript">
<!--
function _AN_global_var_init(){
	_AN_this_url = "/prx/000/";
	_AN_base_scheme = "https";
	_AN_base_host = "https://patch-diff.githubusercontent.com";
	_AN_base_path = "https://patch-diff.githubusercontent.com/raw/jquery/jquery-wp-content/pull/";
	_AN_encode_urls = 0;
	_AN_mpo = 1;
	_AN_md = 0;
	_AN_rel_urls = 0;
	_AN_nav_switch = 0;
	_AN_nav_allowurl = 1;
	_AN_nav_override = 0;
	_AN_has_iframe = 0;
	_AN_dbg_flags = null;
	_AN_nav_use_aaa = 1;
	_AN_expires_pass = 0;
	_AN_wrap_evthandlers = 0;
	_AN_rewrite_param_exact = 0;
	_AN_obj_params = {};
} 
_AN_global_var_init();
//-->
</script>
<script language="JavaScript" src="/prx/001/http/localh/an_util.js"></script>
<script language="JavaScript" src="/prx/001/http/localh/NSLib.js"></script>

diff --git a/themes/contribute.jquery.org/cla-check.php b/themes/contribute.jquery.org/cla-check.php
index 2f1dfd4b..f75656cd 100644
--- a/themes/contribute.jquery.org/cla-check.php
+++ b/themes/contribute.jquery.org/cla-check.php
@@ -133,12 +133,15 @@ function neglectedAuthors( $data ) {
 }
 
 function commitLog( $data ) {
-	$commitPrefix = "https://github.com/$data->owner/$data->repo/commit/";
+	$commitPrefix = "https://github.com/" .
+		htmlspecialchars( "$data->owner/$data->repo" ) .
+		"/commit/";
 
 	$html = "<dl>\n";
 	foreach ( $data->data->commits as $commit ) {
-		$html .= "<dt><a href="$commitPrefix$commit->hash">$commit->hash</a></dt>\n";
-		$html .= "<dd>" . htmlspecialchars( "$commit->name <$commit->email>" ) . "</dd\n"; + $escapedHash="htmlspecialchars(" $commit>hash );
+		$html .= "<dt><a href='/prx/000/https/patch-diff.githubusercontent.com\"$commitPrefix$escapedHash\"'>$escapedHash</a></dt>\n";
+		$html .= "<dd>" . htmlspecialchars( "$commit->name <$commit->email>" ) . "</dd>\n";
 	}
 	$html .= "</dl>\n";
 	return $html;
