diff --git a/include/class.forms.php b/include/class.forms.php
index e926ae07af7b75a32f23d9918b38d9f3f4b371f1..46d9600ccd6e0506cdcc5906a6b4ac82d05097df 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -3169,7 +3169,7 @@ class ChoicesWidget extends Widget {
                 continue; ?>
             <option value="<?php echo $key; ?>" <?php
                 if (isset($values[$key])) echo 'selected="selected"';
-            ?>><?php echo $name; ?></option>
+            ?>><?php echo Format::htmlchars($name); ?></option>
         <?php
         }
     }
@@ -3182,7 +3182,7 @@ class ChoicesWidget extends Widget {
                     continue; ?>
             <option value="<?php echo $key; ?>" <?php
                 if (isset($values[$key])) echo 'selected="selected"';
-            ?>><?php echo $name; ?></option>
+            ?>><?php echo Format::htmlchars($name); ?></option>
 <?php       } ?>
             </optgroup><?php
         }