diff --git a/pages/ajax.render.php b/pages/ajax.render.php
index 31956a231b..622d641f18 100644
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
@@ -998,7 +998,7 @@ JS
 				break;
 
 			case 'revert_dashboard':
-				$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
+				$sDashboardId = utils::ReadParam('dashboard_id', '', false, utils::ENUM_SANITIZATION_FILTER_CONTEXT_PARAM);
 				$sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 				appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId);
 				$oDashboard = new RuntimeDashboard($sDashboardId);
diff --git a/pages/run_query.php b/pages/run_query.php
index 9177b6ff76..3874676bab 100644
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -306,7 +306,7 @@ JS
 					$sBefore = substr($sExpression, 0, $e->GetColumn());
 					$sAfter = substr($sExpression, $e->GetColumn() + strlen($sWrongWord));
 					$sFixedExpression = $sBefore.$sSuggestedWord.$sAfter;
-					$sFixedExpressionHtml = $sBefore.'<span class="ibo-run-query--highlight">'.$sSuggestedWord.'</span>'.$sAfter;
+					$sFixedExpressionHtml = $sBefore.'<span class="ibo-run-query--highlight">'.$sSuggestedWord.'</span>'.utils::EscapeHtml($sAfter);
 					$sSyntaxErrorText .= "<p>Suggesting: $sFixedExpressionHtml</p>";
 					$oSyntaxErrorPanel->AddSubBlock(new Html($sSyntaxErrorText));
 
diff --git a/pages/tagadmin.php b/pages/tagadmin.php
index 7a4e65fb50..ff12f85773 100644
--- a/pages/tagadmin.php
+++ b/pages/tagadmin.php
@@ -106,6 +106,7 @@ try {
 
 		// Menu node
 		$sFilter = $oFilter->ToOQL();
+		$sFilter = utils::EscapeHtml($sFilter);
 		$oP->add("\n<!-- $sFilter -->\n");
 	} else {
 		$oP->add("<p>");