diff --git a/includes/functions.php b/includes/functions.php
index 28e111c51..7c8572abd 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -6220,7 +6220,7 @@ function build_entry_popup ( $popupid, $user, $description, $time,
    . ( strlen ( $time )
     ? '<dt>' . translate ( 'Time' ) . ":</dt>\n<dd>$time</dd>\n" : '' )
    . ( ! empty ( $location ) && $details
-    ? '<dt>' . translate ( 'Location' ) . ":</dt>\n<dd> $location</dd>\n" : '' )
+    ? '<dt>' . translate ( 'Location' ) . ":</dt>\n<dd>" . htmlspecialchars($location) . "</dd>\n" : '' )
    . ( ! empty ( $reminder ) && $details
     ? '<dt>' . translate ( 'Send Reminder' ) . ":</dt>\n<dd> $reminder</dd>\n" : '' );
 
diff --git a/view_entry.php b/view_entry.php
index 20bc4f4a9..e6dd59234 100644
--- a/view_entry.php
+++ b/view_entry.php
@@ -419,8 +419,8 @@
 echo '</div><div class="w-100"></div></div>' . "\n";
 
 if ($DISABLE_LOCATION_FIELD != 'Y' && !empty($location)) {
-echo '<div class="row"><div class="col-3">' . translate('Description') . "</div>\n";
-echo '<div class="col-9">'  . $location . "</div>\n";
+echo '<div class="row"><div class="col-3">' . translate('Location') . "</div>\n";
+echo '<div class="col-9">'  . htmlentities($location) . "</div>\n";
 echo '<div class="w-100"></div></div>' . "\n";
 }