diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php
index 9d10749e1..b62515249 100644
--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -569,7 +569,7 @@ EOF
         // Make sure that Internet Explorer renders the page using its latest/highest/greatest standards !
         echo "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />\n";
         echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$this->s_title}</title>\n";
+        echo "<title>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</title>\n";
         echo $this->get_base_tag();
         // Stylesheets MUST be loaded before any scripts otherwise
         // jQuery scripts may face some spurious problems (like failing on a 'reload')
@@ -750,7 +750,7 @@ EOF
 		echo '<div id="left-pane" class="ui-layout-west">';
 		echo '<!-- Beginning of the left pane -->';
 		echo '	<div id="header-logo">';
-		echo '	<div id="top-left"></div><div id="logo"><a href="http://www.combodo.com/itop"><img src="../images/itop-logo.png" title="'.self::FilterXSS($sVersionString).'" style="border:0; margin-top:16px; margin-right:40px;"/></a></div>';
+		echo '	<div id="top-left"></div><div id="logo"><a href="http://www.combodo.com/itop"><img src="../images/itop-logo.png" title="'.htmlentities($sVersionString, ENT_QUOTES, 'UTF-8').'" style="border:0; margin-top:16px; margin-right:40px;"/></a></div>';
 		echo '	</div>';
 		echo '	<div class="header-menu">';
 		echo '		<div class="icon ui-state-default ui-corner-all"><span id="tPinMenu" class="ui-icon ui-icon-pin-w">pin</span></div>';
@@ -772,7 +772,7 @@ EOF
 		echo '<div class="ui-layout-center">';
 		echo '	<div id="top-bar" style="width:100%">';
 		echo self::FilterXSS($sApplicationBanner);
-		echo '		<div id="global-search"><form action="'.utils::GetAbsoluteUrlAppRoot().'pages/UI.php"><table><tr><td></td><td id="g-search-input"><input type="text" name="text" value="'.self::FilterXSS($sText).'"'.$sOnClick.'/></td>';
+		echo '		<div id="global-search"><form action="'.utils::GetAbsoluteUrlAppRoot().'pages/UI.php"><table><tr><td></td><td id="g-search-input"><input type="text" name="text" value="'.$sText.'"'.$sOnClick.'/></td>';
 		echo '<td><input type="image" src="../images/searchBtn.png"/></a></td>';
 		echo '<td><a style="background:transparent;" href="'.$sOnlineHelpUrl.'" target="_blank"><img style="border:0;padding-left:20px;padding-right:10px;" title="'.Dict::S('UI:Help').'" src="../images/help.png"/></td>';
 		echo '<td style="padding-right:20px;padding-left:10px;">'.self::FilterXSS($sLogOffMenu).'</td><td><input type="hidden" name="operation" value="full_text"/></td></tr></table></form></div>';
diff --git a/application/itopwizardwebpage.class.inc.php b/application/itopwizardwebpage.class.inc.php
index 3b03af1b6..b2207a678 100644
--- a/application/itopwizardwebpage.class.inc.php
+++ b/application/itopwizardwebpage.class.inc.php
@@ -48,7 +48,7 @@ class iTopWizardWebPage extends iTopWebPage
     		$sStyle = ($iIndex == $this->m_iCurrentStep) ? 'wizActiveStep' : 'wizStep';
     		$aSteps[] = "<div class=\"$sStyle\"><span>$sStepTitle</span></div>";
     	}
-    	$sWizardHeader = "<div class=\"wizHeader\"><h1>{$this->s_title}</h1>\n".implode("<div class=\"wizSeparator\"><img align=\"bottom\" src=\"../images/wizArrow.gif\"></div>", $aSteps)."<br style=\"clear:both;\"/></div>\n";
+    	$sWizardHeader = "<div class=\"wizHeader\"><h1>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</h1>\n".implode("<div class=\"wizSeparator\"><img align=\"bottom\" src=\"../images/wizArrow.gif\"></div>", $aSteps)."<br style=\"clear:both;\"/></div>\n";
     	$this->s_content = "$sWizardHeader<div class=\"wizContainer\">".$this->s_content."</div>";
     	parent::output();
 	}
diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php
index 825b44cab..0dd97f9e2 100644
--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -366,7 +366,7 @@ class WebPage
         echo "<html>\n";
         echo "<head>\n";
 		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$this->s_title}</title>\n";
+        echo "<title>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</title>\n";
         echo $this->get_base_tag();
         foreach($this->a_linked_scripts as $s_script)
         {
diff --git a/setup/setuppage.class.inc.php b/setup/setuppage.class.inc.php
index 58d6c762f..562b46a49 100644
--- a/setup/setuppage.class.inc.php
+++ b/setup/setuppage.class.inc.php
@@ -245,7 +245,7 @@ h3.clickable.open {
 	
 	public function output()
 	{
-		$this->s_content = "<div id=\"header\"><h1><a href=\"http://www.combodo.com/itop\" target=\"_blank\"><img title=\"iTop by Combodo\" src=\"../images/itop-logo.png\"></a>&nbsp;{$this->s_title}</h1>\n</div><div id=\"setup\">{$this->s_content}\n</div>\n";
+		$this->s_content = "<div id=\"header\"><h1><a href=\"http://www.combodo.com/itop\" target=\"_blank\"><img title=\"iTop by Combodo\" src=\"../images/itop-logo.png\"></a>&nbsp;".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</h1>\n</div><div id=\"setup\">{$this->s_content}\n</div>\n";
 		return parent::output();
 	}