diff --git a/pages/UI.php b/pages/UI.php
index a187da15d..8083960ec 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -817,7 +817,7 @@ try
 			else
 			{
 				$oP->set_title(Dict::S('UI:SearchResultsPageTitle'));
-				$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', $sFullText)."</h1>");
+				$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', htmlentities($sFullText, ENT_QUOTES, 'UTF-8'))."</h1>");
 				$iCount = 0;
 				$iBlock = 0;
 				// Search in full text mode in all the classes
diff --git a/pages/run_query.php b/pages/run_query.php
index 0e617e0ce..218b05d51 100644
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -161,7 +161,7 @@ try
 
 	$oP->add("<form method=\"get\">\n");
 	$oP->add(Dict::S('UI:RunQuery:ExpressionToEvaluate')."<br/>\n");
-	$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">$sExpression</textarea>\n");
+	$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">".htmlentities($sExpression, ENT_QUOTES, 'UTF-8')."</textarea>\n");
 
 	if (count($aArgs) > 0)
 	{
@@ -187,7 +187,7 @@ try
 
 		$oP->p('');
 		$oP->StartCollapsibleSection(Dict::S('UI:RunQuery:MoreInfo'), false);
-		$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').$oFilter->ToOQL());
+		$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').htmlentities($oFilter->ToOQL(), ENT_QUOTES, 'UTF-8'));
 		$oP->p(Dict::S('UI:RunQuery:SerializedFilter').$oFilter->serialize());
 		$oP->EndCollapsibleSection();
 	}