diff --git a/app/helpers/queries_helper.rb b/app/helpers/queries_helper.rb
index 708a8acfb..5e6d91a41 100644
--- a/app/helpers/queries_helper.rb
+++ b/app/helpers/queries_helper.rb
@@ -510,7 +510,7 @@ module QueriesHelper
 url_params.merge(:query_id => query),
 :class => css,
 :title => query.description,
- :data => { :disable_with => query.name }) +
+ :data => { :disable_with => CGI.escapeHTML(query.name) }) +
 clear_link.html_safe)
 end.join("\n").html_safe,
 :class => 'queries'
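Review bot: The added `CGI.escapeHTML(query.name)` line reads like an accidental double escape and has no comment explaining it, so a later cleanup could drop it or replace it with `h(query.name)`. The UJS driver presumably writes the `data-disable-with` value into the link as HTML on click, after the browser has already decoded the attribute, so the value must still be escaped after that one decode. I would add above that line: `# disable_with is inserted as HTML on click; escape on top of attribute escaping, and keep a plain String (not h/html_safe) so the tag helper still escapes it`. The `link_to` call and the construction of `clear_link` start outside the hunk, so the `.html_safe` on `clear_link` cannot be checked from here. A regression test that renders a query whose name contains markup would pin this behaviour, if the commit does not already add one elsewhere.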