diff --git a/tests/admin_pages/test_form.py b/tests/admin_pages/test_form.py
index 50d6e99f0..7dce77de7 100644
--- a/tests/admin_pages/test_form.py
+++ b/tests/admin_pages/test_form.py
@@ -848,11 +848,18 @@ def test_form_workflow_role(pub):
assert FormDef.get(1).workflow_roles == {'_receiver': '1'}
# check it doesn't fail if a second role with the same name exists
- role = pub.role_class(name='foobar')
- role.store()
+ role2 = pub.role_class(name='foobar')
+ role2.store()
resp = app.get('/backoffice/forms/1/')
resp = resp.click(href='role/_receiver')
+ # check HTML is escaped
+ role.name = 'foobar'
+ role.store()
+ resp = app.get('/backoffice/forms/1/')
+ assert 'foobar' not in resp.text
+ assert 'foo<strong>bar</strong>' in resp.text
+
def test_form_workflow_options(pub):
create_superuser(pub)
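Review bot: As printed, the two new assertions at the end of the hunk cannot both hold: `role.name = 'foobar'` carries no markup, so an escaped page would still contain the literal `foobar` that the first assertion rejects, while the second expects `<strong>` tags that nothing in the test injects. This looks like angle brackets and entities lost in rendering rather than a real defect, so confirm the committed literals are `role.name = 'foo<strong>bar</strong>'`, `assert 'foo<strong>bar</strong>' not in resp.text` and `assert 'foo&lt;strong&gt;bar&lt;/strong&gt;' in resp.text`; with a tag-free name the regression test would not exercise the escaping at all. The `role` object reused on the new lines is created earlier in test_form_workflow_role, which starts outside the hunk.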
diff --git a/wcs/admin/forms.py b/wcs/admin/forms.py
index 9cb91aaef..4dbf9ca34 100644
--- a/wcs/admin/forms.py
+++ b/wcs/admin/forms.py
@@ -21,7 +21,7 @@ from collections import defaultdict
from quixote import get_publisher, get_request, get_response, get_session, redirect
from quixote.directory import AccessControlled, Directory
-from quixote.html import TemplateIO, htmltext
+from quixote.html import TemplateIO, htmlescape, htmltext
from wcs.backoffice.snapshots import SnapshotsDirectory
from wcs.carddef import CardDef
@@ -672,7 +672,7 @@ class FormDefPage(Directory):
'popup': 'popup' if popup else '',
'link': link,
'label': label,
- 'current_value': current_value,
+ 'current_value': htmlescape(current_value),
}
)
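Review bot: The escape at `'current_value': htmlescape(current_value)` wraps a value whose construction and rendering both lie outside the hunk, and quixote's htmlescape passes an htmltext argument through unchanged, so the fix only takes effect if current_value reaches this line as a plain str; worth checking the code that builds it, since any piece already wrapped in htmltext (or interpolated with `%` on an htmltext template) would carry a role name's markup past this call. A why-comment would keep the call from being simplified away later: `# current_value is built from user-chosen role names; escape before interpolation`. The enclosing FormDefPage method starts and ends outside the hunk.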