diff --git a/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php b/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php
index df9cf6b5d..de626b9b9 100644
--- a/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php
+++ b/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php
@@ -893,7 +893,7 @@ JS
 				} else if ($oAttDef->IsExternalKey()) {
 
 					/** @var \AttributeExternalKey $oAttDef */
-					$aAttProperties['value_html'] = $oItem->Get($sAttCode.'_friendlyname');
+					$aAttProperties['value_html'] = utils::EscapeHtml($oItem->Get($sAttCode.'_friendlyname'));
 
 					// Checking if user can access object's external key
 					$sObjectUrl = ApplicationContext::MakeObjectUrl($oAttDef->GetTargetClass(), $oItem->Get($sAttCode));