diff --git a/include/class.role.php b/include/class.role.php
index b4a8723bf4..f2d07057db 100644
--- a/include/class.role.php
+++ b/include/class.role.php
@@ -156,9 +156,10 @@ private function updatePerms($vars, &$errors=array()) {
     }
 
     function update($vars, &$errors) {
-        if (!$vars['name'])
+        $name = Format::sanitize($vars['name']);
+        if (!$name)
             $errors['name'] = __('Name required');
-        elseif (($r=Role::lookup(array('name'=>$vars['name'])))
+        elseif (($r=Role::lookup(array('name'=>$name)))
                 && $r->getId() != $vars['id'])
             $errors['name'] = __('Name already in use');
         elseif (!$vars['perms'] || !count($vars['perms']))
@@ -167,8 +168,8 @@ function update($vars, &$errors) {
         if ($errors)
             return false;
 
-        $this->name = $vars['name'];
-        $this->notes = $vars['notes'];
+        $this->name = $name;
+        $this->notes = Format::sanitize($vars['notes']);
 
         $this->updatePerms($vars['perms'], $errors);