diff --git a/includes/functions.php b/includes/functions.php
index 28e111c51..7c8572abd 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -6220,7 +6220,7 @@ function build_entry_popup ( $popupid, $user, $description, $time,
. ( strlen ( $time )
? '
' . translate ( 'Time' ) . ":\n$time\n" : '' )
. ( ! empty ( $location ) && $details
- ? '' . translate ( 'Location' ) . ":\n $location\n" : '' )
+ ? '' . translate ( 'Location' ) . ":\n" . htmlspecialchars($location) . "\n" : '' )
. ( ! empty ( $reminder ) && $details
? '' . translate ( 'Send Reminder' ) . ":\n $reminder\n" : '' );
diff --git a/view_entry.php b/view_entry.php
index 20bc4f4a9..e6dd59234 100644
--- a/view_entry.php
+++ b/view_entry.php
@@ -419,8 +419,8 @@
echo '' . "\n";
if ($DISABLE_LOCATION_FIELD != 'Y' && !empty($location)) {
-echo '' . translate('Description') . "
\n";
-echo '
' . $location . "
\n";
+echo '
' . translate('Location') . "
\n";
+echo '
' . htmlentities($location) . "
\n";
echo '
' . "\n";
}