diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php
index bc83627834..312c59daa7 100755
--- a/phpmyfaq/admin/index.php
+++ b/phpmyfaq/admin/index.php
@@ -119,6 +119,7 @@
 if (is_null($action)) {
     $action = Filter::filterInput(INPUT_POST, 'action', FILTER_UNSAFE_RAW);
 }
+$action = Strings::htmlentities($action);
 
 //
 // Get CSRF Token