diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php
index e1f666369..932f771a1 100644
--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -265,8 +265,9 @@ EOF
 $('.attribute-set-item').each(function(){
 $(this).qtip({
 content: {
+ // Encoding only title as the content is already sanitized by the HTML attribute.
 text: $(this).attr('data-description'),
- title: { text: $(this).attr('data-label')},
+ title: { text: $('
').text($(this).attr('data-label')).html()},
 },
 show: { delay: 300, when: 'mouseover' },
 hide: { delay: 140, when: 'mouseout', fixed: true },
diff --git a/core/attributedef.class.inc.php b/core/attributedef.class.inc.php
index c7ba9520d..330317b81 100644
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -7257,7 +7257,7 @@ class AttributeTagSet extends AttributeSet
 $sFilter = urlencode($oFilter->serialize());
 $sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter."&{$sContext}";
- $sHtml .= ''.$sTagLabel.'';
+ $sHtml .= ''.$sTagLabel.'';
 }
 else
 {
@@ -7451,7 +7451,7 @@ class AttributeTagSet extends AttributeSet
 static public function GetFormFieldClass()
 {
- return '\\Combodo\\iTop\\Form\\Field\\TagSetField';
+ return '\\Combodo\\iTop\\Form\\Field\\SetField';
 }
 }
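Review bot: The added comment's reason for leaving `text: $(this).attr('data-description')` unencoded does not hold as written, because `.attr()` returns the attribute value after the browser has decoded its entities, so attribute-level escaping alone does not make the string safe to hand to qTip as markup; that is presumably why the title needed the `.text(...).html()` round-trip in the first place. If the description is meant to carry HTML that was sanitized on the server before being written into `data-description`, the comment should say so, e.g. `// Title is plain text and is encoded here; description is HTML already sanitized server-side.`, and that server-side step should be confirmed since it is not in this hunk. Otherwise the description should get the same encoding as the title. The element literal inside `$('…')` on the new title line is missing from this rendering, so the exact expression cannot be checked here.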
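Review bot: `$sTagLabel` is concatenated into `$sHtml` with no escaping visible on the new line, and its assignment lies outside the hunk, so it should be confirmed that the label is HTML-encoded before this point. If it is not, encoding at the point of output would close the gap on the server side rather than relying only on the client-side title encoding, e.g. `htmlentities($sTagLabel, ENT_QUOTES, 'UTF-8')`. The string literals around the label appear empty in this rendering, so the markup this hunk actually changes, including how `$sUrl` and any `data-*` attributes are written, cannot be reviewed from here.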