diff --git a/adm_program/system/classes/ProfileFields.php b/adm_program/system/classes/ProfileFields.php
index 59ae3db532..aef8c292c4 100644
--- a/adm_program/system/classes/ProfileFields.php
+++ b/adm_program/system/classes/ProfileFields.php
@@ -168,6 +168,7 @@ public function getHtmlValue($fieldNameIntern, $value, $value2 = null)
 if ($value != '') {
 // create html for each field type
+ $value = SecurityUtils::encodeHTML(StringUtils::strStripTags($value));
 $htmlValue = $value;
 $usfType = $this->mProfileFields[$fieldNameIntern]->getValue('usf_type');
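Review bot: The added line escapes only `$value`; `$value2`, the other data parameter of `getHtmlValue()`, is left as passed in, so if any branch further down writes it into the markup it needs the same treatment, e.g. `if ($value2 !== null) { $value2 = SecurityUtils::encodeHTML(StringUtils::strStripTags($value2)); }`. Because the escaping now runs before `$usfType` is read, every type-specific branch receives tag-stripped, entity-encoded text. Any branch that compares or parses the value, or that encodes it again, may therefore see altered input or double-encode it (`&amp;amp;`). The rest of the function lies outside this hunk, so that needs checking there, as does any path that returns `$value` without entering this `if`. A short comment on the new line would pin the contract, for example `// untrusted profile data: tags stripped and HTML-encoded once here; do not encode again below`.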