diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index bc25a71f2..0076f69df 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -274,6 +274,7 @@ class documentController extends document
 			$obj->homepage = $logged_info->homepage;
 		}
 		// If the tile is empty, extract string from the contents.
+		$obj->title = htmlspecialchars($obj->title);
 		settype($obj->title, "string");
 		if($obj->title == '') $obj->title = cut_str(trim(strip_tags(nl2br($obj->content))),20,'...');
 		// If no tile extracted from the contents, leave it untitled.