diff --git a/include/staff/templates/dynamic-form.tmpl.php b/include/staff/templates/dynamic-form.tmpl.php
index cfe25a45ad544779d916179e55f639edb6073a49..b178b2fff3f10a3e92f6421e9ecdc39700baffaa 100644
--- a/include/staff/templates/dynamic-form.tmpl.php
+++ b/include/staff/templates/dynamic-form.tmpl.php
@@ -28,7 +28,7 @@
             }
             foreach ($field->errors() as $e) { ?>
                 <br />
-                <font class="error"><?php echo $e; ?></font>
+                <font class="error"><?php echo Format::htmlchars($e); ?></font>
             <?php } ?>
             </td>
         </tr>