diff --git a/include/staff/tpl.inc.php b/include/staff/tpl.inc.php
index 9faa9d33b46fc249016ab4a68660b1508bce11f9..139049c0abc318e0279694d03b3af587f636aa47 100644
--- a/include/staff/tpl.inc.php
+++ b/include/staff/tpl.inc.php
@@ -108,7 +108,7 @@ $tpl=$msgtemplates[$selected];
     <input type="hidden" name="draft_id" value=""/>
     <textarea name="body" cols="21" rows="16" style="width:98%;" wrap="soft"
         data-toolbar-external="#toolbar"
-        class="richtext draft" data-draft-namespace="tpl.<?php echo $selected; ?>"
+        class="richtext draft" data-draft-namespace="tpl.<?php echo Format::htmlchars($selected); ?>"
         data-draft-object-id="<?php echo $tpl_id; ?>"><?php echo $info['body']; ?></textarea>
 </div>