* use h() on username to avoid XSS

* Link to username in <h1>
 * Set <title> on /blocks and /blocks_by

app/views/user_blocks/blocks_by.html.erb

@@ -1,3 +1,4 @@
-<h1><%= t('user_block.blocks_by.heading', :name => @this_user.display_name) %></h1>
+<% @title = t('user_block.blocks_by.title', :name => h(@this_user.display_name)) %>
+<h1><%= t('user_block.blocks_by.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
 
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => false } %>

app/views/user_blocks/blocks_on.html.erb

@@ -1,3 +1,4 @@
-<h1><%= t('user_block.blocks_on.heading', :name => @this_user.display_name) %></h1>
+<% @title = t('user_block.blocks_on.title', :name => h(@this_user.display_name)) %>
+<h1><%= t('user_block.blocks_on.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
 
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => false, :show_creator_name => true } %>

config/locales/en.yml

@@ -1088,9 +1088,11 @@ en:
       until_login: "Active until the user logs in."
       time_past: "Ended {{time}} ago."
     blocks_on:
-      heading: "List blocks on {{name}}"
+      title: "Blocks on {{name}}"
+      heading: "List of blocks on {{name}}"
     blocks_by:
-      heading: "List blocks by {{name}}"
+      title: "Blocks by {{name}}"
+      heading: "List of blocks by {{name}}"
     show:
       heading: "Block on {{block_on}} by {{block_by}}"
       time_future: "Ends in {{time}}"