diff --git a/setup/inc/class.installer.php b/setup/inc/class.installer.php
index 1a198325548faafda964b654f26423e7ad828844..8d10bd4f98de3bf806ec3804ecf5aab3e3d00ee5 100644
--- a/setup/inc/class.installer.php
+++ b/setup/inc/class.installer.php
@@ -188,8 +188,8 @@ class Installer extends SetupWizard {
             'dept_id' => $dept_id,
             'role_id' => $role_id,
             'email' => $vars['admin_email'],
-            'firstname' => $vars['fname'],
-            'lastname' => $vars['lname'],
+            'firstname' => Format::htmlchars($vars['fname']),
+            'lastname' => Format::htmlchars($vars['lname']),
             'username' => $vars['username'],
         ));
         $staff->updatePerms(array(