diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 2e28e13803e..b701d06d721 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -2262,9 +2262,9 @@ class Form
 			             		});
 			             		//alert(options);
 			             	}
-			             	location.href=\''.$pageyes.'\' + options;
+			             	location.href=\''.dol_escape_js($pageyes).'\' + options;
 			             }
-                         '.($pageno?'if (choice == \'ko\') location.href=\''.$pageno.'\';':'').'
+                         '.($pageno?'if (choice == \'ko\') location.href=\''.dol_escape_js($pageno).'\';':'').'
 		              },
 			        buttons: {
 			            \''.dol_escape_js($langs->transnoentities("Yes")).'\': function() {