diff --git a/include/ajax.search.php b/include/ajax.search.php
index 7e22a87901c5ab73ef9ac86b250ea48711651535..f2175a76dc4b961d7c260b823a8675f4e40fc424 100644
--- a/include/ajax.search.php
+++ b/include/ajax.search.php
@@ -136,7 +136,7 @@ class SearchAjaxAPI extends AjaxController {
 
         $search->config = JsonDataEncoder::encode($form->getState());
         if (isset($_POST['name']))
-            $search->title = $_POST['name'];
+            $search->title = Format::htmlchars($_POST['name']);
         elseif ($search->__new__)
             Http::response(400, 'A name is required');
         if (!$search->save()) {
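Review bot: Escaping `$_POST['name']` at write time on the added line covers only this one path into `$search->title`; titles saved before this change, or written by any other code path, stay raw, so the places that render the title (not visible in this hunk) still need to escape on output. Storing the encoded form also means that a sink which escapes again, or which emits the title as JSON or plain text, will show entities such as `&amp;` literally. If storing the title encoded is the intended convention, say so next to the assignment, e.g. `// title is stored HTML-encoded; render sites must not escape it again`. Separately, `isset($_POST['name'])` is also true for an empty string or an array, which skips the 'A name is required' branch; a guard such as `if (isset($_POST['name']) && is_string($_POST['name']) && trim($_POST['name']) !== '')` would close that. The enclosing method starts and ends outside the hunk.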