diff --git a/sources/application/WebPage/DownloadPage.php b/sources/application/WebPage/DownloadPage.php
index 360213ac3..3bf8c7669 100644
--- a/sources/application/WebPage/DownloadPage.php
+++ b/sources/application/WebPage/DownloadPage.php
@@ -31,6 +31,11 @@ class DownloadPage extends AjaxPage
 header($s_header);
 }
- echo $this->sContent;
+ if (($this->sContentType == 'text/html') && ($this->sContentDisposition == 'inline')) {
+ // inline content != attachment && html => filter all scripts for malicious XSS scripts
+ echo self::FilterXSS($this->sContent);
+ } else {
+ echo $this->sContent;
+ }
 }
 }
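Review bot: The new guard on the first added line compares the content type with loose equality against the exact string `'text/html'`, so a value carrying parameters (`text/html; charset=UTF-8`) or a different casing is not matched and the content is echoed inline without the filter; the `'inline'` comparison has the same weakness. A case-insensitive prefix check closes that gap: `if (stripos($this->sContentType, 'text/html') === 0 && strcasecmp(trim($this->sContentDisposition), 'inline') === 0) {`. Other inline types that browsers render with script (`image/svg+xml`, `application/xhtml+xml`) presumably fall through to the raw echo as well, and since a content filter is only as good as its blocklist, an inline response is best backed by a `Content-Security-Policy: sandbox` header as defence in depth. The enclosing method starts before the hunk, and where sContentType and sContentDisposition are assigned is not visible here.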