diff --git a/include/class.forms.php b/include/class.forms.php
index 70cf1a8b534f36eca659699d49b3e2ad7ba1d349..05185069040712a0054b7a26ff097561c1b02dcb 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -1091,7 +1091,7 @@ class ChoicesWidget extends Widget {
                     continue; ?>
                 <option value="<?php echo $key; ?>" <?php
                     if ($value == $key) echo 'selected="selected"';
-                ?>><?php echo $name; ?></option>
+                ?>><?php echo Format::htmlchars($name); ?></option>
             <?php } ?>
         </select>
         </span>