Steps to reproduce:
1. Create a microblog and add a comment to it with the following XSS content:
<script>alert("this is an xss test");</script>
2. Now when browsing any page we'll see the alert pop-up, since the dockbar contains the notification for the new comment with its content unescaped.
The content of the notifications must be escaped to prevent XSS attacks.