diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 9e72301d372..9f2177129cd 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -436,8 +436,8 @@ function dol_escape_htmltag($stringtoescape,$keepb=0)
 {
     // escape quotes and backslashes, newlines, etc.
     $tmp=dol_html_entity_decode($stringtoescape,ENT_COMPAT,'UTF-8');
-    if ($keepb) $tmp=strtr($tmp, array('"'=>'',"\r"=>'\\r',"\n"=>'\\n'));
-    else $tmp=strtr($tmp, array('"'=>'',"\r"=>'\\r',"\n"=>'\\n',"<b>"=>'','</b>'=>''));
+    if ($keepb) $tmp=strtr($tmp, array("\r"=>'\\r',"\n"=>'\\n'));
+    else $tmp=strtr($tmp, array("\r"=>'\\r',"\n"=>'\\n',"<b>"=>'','</b>'=>''));
     return dol_htmlentities($tmp,ENT_COMPAT,'UTF-8');
 }
 
diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php
index 44dc2011de1..0d6c4a9a2b0 100644
--- a/htdocs/install/fileconf.php
+++ b/htdocs/install/fileconf.php
@@ -384,9 +384,13 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Password"); ?></b>
 		</td>
-		<td class="label" valign="top"><input type="password" id="db_pass"
+		<td class="label" valign="top"><input type="text" id="db_pass" autocomplete="off"
 			name="db_pass"
-			value="<?php print (! empty($dolibarr_main_db_pass))?$dolibarr_main_db_pass:$force_install_databasepass; ?>"></td>
+			value="<?php
+			$autofill=((! empty($dolibarr_main_db_pass))?$dolibarr_main_db_pass:$force_install_databasepass);
+			if ($dolibarr_main_prod) $autofill='';
+			print dol_escape_htmltag($autofill);
+			?>"></td>
 		<td class="comment"><?php echo $langs->trans("AdminPassword"); ?></td>
 	</tr>
 
@@ -433,9 +437,13 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><?php echo $langs->trans("Password"); ?>
 		</td>
-		<td class="label" valign="top"><input type="password"
+		<td class="label" valign="top"><input type="text" autocomplete="off"
 			id="db_pass_root" name="db_pass_root" class="needroot"
-			value="<?php print (! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass; ?>"></td>
+			value="<?php
+			$autofill=((! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass);
+			if ($dolibarr_main_prod) $autofill='';
+			print dol_escape_htmltag($autofill);
+			?>"></td>
 		<td class="comment"><?php echo $langs->trans("KeepEmptyIfNoPassword"); ?>
 		</td>
 	</tr>
diff --git a/test/phpunit/FunctionsTest.php b/test/phpunit/FunctionsTest.php
index 9abce5d2589..76ce0888f25 100755
--- a/test/phpunit/FunctionsTest.php
+++ b/test/phpunit/FunctionsTest.php
@@ -357,6 +357,37 @@ class FunctionsTest extends PHPUnit_Framework_TestCase
         $this->assertEquals(7200-($tz*3600),$result);        // Should be 7200 if we are at greenwich winter
     }
 
+
+    /**
+     * testDolEscapeJs
+     *
+     * @return	void
+     */
+    public function testDolEscapeJs()
+    {
+        $input="x&<b>#</b>,\"'";    // " will be converted into '
+        $result=dol_escape_js($input);
+        $this->assertEquals("x&<b>#<\/b>,\'\'",$result);
+    }
+
+
+    /**
+    * testDolEscapeHtmlTag
+    *
+    * @return	void
+    */
+    public function testDolEscapeHtmlTag()
+    {
+        $input='x&<b>#</b>,"';    // & and " are converted into html entities, <b> are removed
+        $result=dol_escape_htmltag($input);
+        $this->assertEquals('x&amp;#,&quot;',$result);
+
+        $input='x&<b>#</b>,"';    // & and " are converted into html entities, <b> are not removed
+        $result=dol_escape_htmltag($input,1);
+        $this->assertEquals('x&amp;&lt;b&gt;#&lt;/b&gt;,&quot;',$result);
+    }
+
+
     /**
      * testDolNow
      *