diff --git a/models/DataObject/ClassDefinition/Data/Extension/Text.php b/models/DataObject/ClassDefinition/Data/Extension/Text.php
index 0cb7f3bc813..a9c3e59393c 100644
--- a/models/DataObject/ClassDefinition/Data/Extension/Text.php
+++ b/models/DataObject/ClassDefinition/Data/Extension/Text.php
@@ -58,10 +58,6 @@ public function isDiffChangeAllowed($object, $params = [])
 */
 public function getVersionPreview($data, $object = null, $params = [])
 {
- // remove all #is', '', $data);
-
- return $data;
+ return htmlspecialchars($data);
 }
 }
diff --git a/models/DataObject/ClassDefinition/Data/Multiselect.php b/models/DataObject/ClassDefinition/Data/Multiselect.php
index 47be1540385..cdf2559d1fd 100644
--- a/models/DataObject/ClassDefinition/Data/Multiselect.php
+++ b/models/DataObject/ClassDefinition/Data/Multiselect.php
@@ -345,7 +345,7 @@ public function getDataFromEditmode($data, $object = null, $params = [])
 public function getVersionPreview($data, $object = null, $params = [])
 {
 if (is_array($data)) {
- return implode(',', $data);
+ return implode(',', array_map($data, 'htmlspecialchars'));
 }
 return null;
diff --git a/models/DataObject/ClassDefinition/Data/QuantityValue.php b/models/DataObject/ClassDefinition/Data/QuantityValue.php
index eccf2cf3fef..d902ae7fec6 100644
--- a/models/DataObject/ClassDefinition/Data/QuantityValue.php
+++ b/models/DataObject/ClassDefinition/Data/QuantityValue.php
@@ -383,7 +383,7 @@ public function getVersionPreview($data, $object = null, $params = [])
 }
 }
- return $data->getValue() . $unit;
+ return htmlspecialchars($data->getValue() . $unit);
 }
 return '';
diff --git a/models/DataObject/ClassDefinition/Data/Select.php b/models/DataObject/ClassDefinition/Data/Select.php
index 7dc56ca2c00..20256022e8d 100644
--- a/models/DataObject/ClassDefinition/Data/Select.php
+++ b/models/DataObject/ClassDefinition/Data/Select.php
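Review bot: `htmlspecialchars($data)` in Extension/Text.php's getVersionPreview() is called with no type guard and with the default flags, and the Select.php hunk has the same line. The hunks do not show what `$data` may hold, but if an empty field arrives as null, PHP 8.1+ reports a deprecation for the null argument. On PHP versions before 8.1 the default flags leave single quotes unescaped and turn input with invalid UTF-8 into an empty string. I would write `return htmlspecialchars((string) $data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` in both places and pass the same flags in the QuantityValue.php hunk, so the escaping does not depend on the runtime's defaults.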
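Review bot: The arguments to `array_map()` are reversed in Multiselect.php's getVersionPreview(): the callback comes first, so `array_map($data, 'htmlspecialchars')` passes the value array as the callback and a string as the array. On PHP 8 that call throws a TypeError, and on PHP 7 it emits a warning and returns null, so the version preview fails or comes out empty instead of showing the escaped values. The line should read `return implode(',', array_map('htmlspecialchars', $data));`. The method's closing brace lies outside the hunk.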
@@ -308,7 +308,7 @@ public function getDataFromEditmode($data, $object = null, $params = [])
 */
 public function getVersionPreview($data, $object = null, $params = [])
 {
- return $data;
+ return htmlspecialchars($data);
 }
 /**