diff --git a/lib/template.php b/lib/template.php
index ce55e58d28d9158f131c400ec86ba8561ae63a8a..3c103c901c2b3f764205085dac6610888b9ea51b 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -147,7 +147,7 @@ function html_select_options($options, $selected, $params=array()) {
 			$label = $label[$label_name];
 		}
 		$select = in_array($value, $selected) ? ' selected="selected"' : '';
-		$html .= '<option value="' . $value . '"' . $select . '>' . $label . '</option>'."\n";
+		$html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n";
 	}
 	return $html;
 }