diff --git a/application/webpage.class.inc.php b/application/webpage.class.inc.php
index 8d7a81e5f..b633cc709 100644
--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -657,7 +657,7 @@ class WebPage implements Page
 foreach ($aActions as $aAction)
 {
 $sClass = isset($aAction['class']) ? " class=\"{$aAction['class']}\"" : "";
- $sOnClick = isset($aAction['onclick']) ? " onclick=\"{$aAction['onclick']}\"" : "";
+ $sOnClick = isset($aAction['onclick']) ? ' onclick="'.htmlspecialchars($aAction['onclick'], ENT_QUOTES, "UTF-8").'"' : '';
 $sTarget = isset($aAction['target']) ? " target=\"{$aAction['target']}\"" : "";
 if (empty($aAction['url']))
 {
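Review bot: The `class` and `target` values on the two neighbouring context lines are still interpolated raw into double-quoted attributes, so the attribute breakout this commit closes for `onclick` stays open for them if any `$aActions` entry carries non-constant data. They should get the same treatment, e.g. `$sClass = isset($aAction['class']) ? ' class="'.htmlspecialchars($aAction['class'], ENT_QUOTES, 'UTF-8').'"' : '';` and likewise for `$sTarget`. The new line also deserves a short comment: HTML-escaping keeps the value inside the attribute, but the browser decodes it again before running it as script, so callers that build `onclick` from data must still JS-encode that data themselves (for example with `json_encode`). The `foreach` body continues past the hunk, so how `$aAction['url']` and the label are emitted is not visible here and may need the same check.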