diff --git a/include/ajax.forms.php b/include/ajax.forms.php
index 77b4638bf43560075ad56341de2ae693ab18f2c6..70c57e15bf233c11099eca2350633565141be953 100644
--- a/include/ajax.forms.php
+++ b/include/ajax.forms.php
@@ -21,7 +21,8 @@ class DynamicFormsAjaxAPI extends AjaxController {
         if ($_GET || isset($_SESSION[':form-data'])) {
             if (!is_array($_SESSION[':form-data']))
                 $_SESSION[':form-data'] = array();
-            $_SESSION[':form-data'] = array_merge($_SESSION[':form-data'], $_GET);
+            $_SESSION[':form-data'] = array_merge($_SESSION[':form-data'],
+                    Format::htmlchars($_GET));
         }
 
         foreach ($topic->getForms() as $form) {