Index: branches/RC/core/admin_templates/js/form_controls.js
===================================================================
diff -u -r11283 -r11854
--- branches/RC/core/admin_templates/js/form_controls.js	(.../form_controls.js)	(revision 11283)
+++ branches/RC/core/admin_templates/js/form_controls.js	(.../form_controls.js)	(revision 11854)
@@ -116,7 +116,7 @@
 		$ret = $ret.replace('#' + $field_name + '#', this.formatValue($field_name, $value));
 	}
 
-	return $ret;
+	return this.htmlspecialchars($ret);
 }
 
 MultiInputControl.prototype._getRecordIndex = function ($selected_index) {