diff --git a/application/controllers/Messages.php b/application/controllers/Messages.php
index 0771817454..4b168624be 100644
--- a/application/controllers/Messages.php
+++ b/application/controllers/Messages.php
@@ -37,11 +37,11 @@ public function send()
 		if($response)
 		{
-			echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $phone));
+			echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $this->xss_clean($phone)));
 		}
 		else
 		{
-			echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone));
+			echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $this->xss_clean($phone)));
 		}
 	}
@@ -54,11 +54,11 @@ public function send_form($person_id = -1)
 		if($response)
 		{
-			echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $phone, 'person_id' => $this->xss_clean($person_id)));
+			echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('messages_successfully_sent') . ' ' . $this->xss_clean($phone), 'person_id' => $this->xss_clean($person_id)));
 		}
 		else
 		{
-			echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone, 'person_id' => -1));
+			echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('messages_unsuccessfully_sent') . ' ' . $phone, 'person_id' => -1));
 		}
 	}
 }
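Review bot: Wrapping `$phone` in `$this->xss_clean()` at the point where it is concatenated into the JSON `message` string applies an HTML-oriented filter at a JSON boundary, so the escape sits at the wrong layer; the same pattern is added in both branches of send() and again in both branches of send_form(). `xss_clean` is CodeIgniter's pattern-based filter rather than a context encoder: it can alter legitimate input and gives no guarantee for whatever context the client later inserts `message` into, while `json_encode` already handles the JSON encoding here. The more robust shape is to validate `$phone` where it is read from the request (presumably earlier in each method, outside this hunk) and have the client code that renders `message` treat it as text, and if server-side escaping is wanted as defence in depth, use the explicit HTML encoder, e.g. `'message' => $this->lang->line('messages_successfully_sent') . ' ' . htmlspecialchars($phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Both send() and send_form() begin outside the hunk, so where `$phone` originates cannot be confirmed from the visible lines.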