diff --git a/web/ajax/log.php b/web/ajax/log.php
index 645e2e0b3..32427fed5 100644
--- a/web/ajax/log.php
+++ b/web/ajax/log.php
@@ -162,7 +162,7 @@ function queryRequest() {
 $row['Server'] = $Server ? $Server->Name() : '';
 // Strip out all characters that are not ASCII 32-126 (yes, 126)
- $row['Message'] = preg_replace('/[^\x20-\x7E]/', '', $row['Message']);
+ $row['Message'] = preg_replace('/[^\x20-\x7E]/', '', htmlspecialchars($row['Message']));
 $row['File'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['File']));
 $rows[] = $row;
 }
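Review bot: On the added `$row['Message']` line, `htmlspecialchars()` runs with default flags and before the non-ASCII strip, so its result depends on the PHP version: before PHP 8.1 the defaults leave single quotes unescaped and return an empty string when the message holds a byte sequence that is invalid in the default charset, which would blank the whole log entry. Stripping first and passing the flags explicitly avoids both: `$row['Message'] = htmlspecialchars(preg_replace('/[^\x20-\x7E]/', '', $row['Message']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The neighbouring `$row['File']` line still relies on `strip_tags()`, which removes tags but does not encode quotes or `&`; if the client inserts that field into the page the same way as Message (not visible here), it probably wants the same escaping. `queryRequest()` starts and ends outside the hunk, so how `$rows` is serialised and rendered should be confirmed against the rest of the function and the log view.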