diff --git a/lib/init.php b/lib/init.php
index ebbd421a..a21d913a 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -61,7 +61,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = basename($_SERVER['PHP_SELF']);
+$filename = htmlentities(basename($_SERVER['PHP_SELF']));
 
 // define default theme for configurehint, etc.
 $_deftheme = 'Sparkle';