diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 25f708e8c37..8cb0a344e43 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -4093,7 +4093,7 @@ class Form
             $ret.='<table class="nobordernopadding" width="100%"><tr class="nobordernopadding"><td class="nobordernopadding">';
         }
 
-        $ret.=$object->$fieldref;
+        $ret.=dol_htmlentities($object->$fieldref);
         if ($morehtmlref)
         {
             $ret.=' '.$morehtmlref;