diff --git a/classes/display/HTMLDisplayHandler.php b/classes/display/HTMLDisplayHandler.php
index c67cea112..71f12b91a 100644
--- a/classes/display/HTMLDisplayHandler.php
+++ b/classes/display/HTMLDisplayHandler.php
@@ -201,7 +201,7 @@ class HTMLDisplayHandler
 		if(is_array(Context::get('INPUT_ERROR')))
 		{
 			$INPUT_ERROR = Context::get('INPUT_ERROR');
-			$keys = array_keys($INPUT_ERROR);
+			$keys = array_map(function($str) { return preg_quote($str, '@'); }, array_keys($INPUT_ERROR));
 			$keys = '(' . implode('|', $keys) . ')';
 
 			$output = preg_replace_callback('@(<input)([^>]*?)\sname="' . $keys . '"([^>]*?)/?>@is', array(&$this, '_preserveValue'), $output);
@@ -259,42 +259,28 @@ class HTMLDisplayHandler
 
 		// get type
 		$type = 'text';
-		if(preg_match('/\stype="([a-z]+)"/i', $str, $m))
+		if(preg_match('/\stype="([^"]+)"/i', $str, $m))
 		{
 			$type = strtolower($m[1]);
 		}
 
 		switch($type)
 		{
-			case 'text':
-			case 'hidden':
-			case 'email':
-			case 'search':
-			case 'tel':
-			case 'url':
-			case 'email':
-			case 'datetime':
-			case 'date':
-			case 'month':
-			case 'week':
-			case 'time':
-			case 'datetime-local':
-			case 'number':
-			case 'range':
-			case 'color':
-				$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . htmlspecialchars($INPUT_ERROR[$match[3]], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '"';
-				break;
-			case 'password':
-				$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str);
-				break;
 			case 'radio':
 			case 'checkbox':
-				$str = preg_replace('@\schecked(="[^"]*?")?@', ' ', $str);
-				if(@preg_match('@\s(?i:value)="' . $INPUT_ERROR[$match[3]] . '"@', $str))
+				if(preg_match('@\s(?i:value)="' . preg_quote($INPUT_ERROR[$match[3]], '@') . '"@', $str))
 				{
-					$str .= ' checked="checked"';
+					$str = preg_replace('@\schecked(="[^"]*?")?@', ' checked="checked"', $str);
 				}
 				break;
+			default:
+				if (!preg_match('@\svalue="([^"]*?)"@', $str))
+				{
+					$str = $str . ' value=""';
+				}
+				$str = preg_replace_callback('@\svalue="([^"]*?)"@', function() use($INPUT_ERROR, $match) {
+					return ' value="' . escape($INPUT_ERROR[$match[3]], true) . '"';
+				}, $str);
 		}
 
 		return $str . ' />';
@@ -333,7 +319,7 @@ class HTMLDisplayHandler
 	{
 		$INPUT_ERROR = Context::get('INPUT_ERROR');
 		preg_match('@<textarea.*?>@is', $matches[0], $mm);
-		return $mm[0] . $INPUT_ERROR[$matches[1]] . '</textarea>';
+		return $mm[0] . escape($INPUT_ERROR[$matches[1]], true) . '</textarea>';
 	}
 
 	/**
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 80cb7ad62..23671c859 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -909,7 +909,7 @@ class ModuleHandler extends Handler
 	public static function _setInputValueToSession()
 	{
 		$requestVars = Context::getRequestVars();
-		unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url);
+		unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url, $requestVars->xe_validator_id);
 		foreach($requestVars AS $key => $value)
 		{
 			$_SESSION['INPUT_ERROR'][$key] = $value;