diff --git a/app/controllers/email_addresses_controller.rb b/app/controllers/email_addresses_controller.rb
index 27c9fd22b..2fb6b2978 100644
--- a/app/controllers/email_addresses_controller.rb
+++ b/app/controllers/email_addresses_controller.rb
@@ -29,10 +29,7 @@ class EmailAddressesController < ApplicationController
     saved = false
     if @user.email_addresses.count <= Setting.max_additional_emails.to_i
       @address = EmailAddress.new(:user => @user, :is_default => false)
-      attrs = params[:email_address]
-      if attrs.is_a?(Hash)
-        @address.address = attrs[:address].to_s
-      end
+      @address.safe_attributes = params[:email_address]
       saved = @address.save
     end
 
diff --git a/app/models/email_address.rb b/app/models/email_address.rb
index ae16b9434..cb6e2fbfe 100644
--- a/app/models/email_address.rb
+++ b/app/models/email_address.rb
@@ -16,6 +16,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 class EmailAddress < ActiveRecord::Base
+  include Redmine::SafeAttributes
+
   belongs_to :user
 
   attr_protected :id
@@ -29,6 +31,8 @@ class EmailAddress < ActiveRecord::Base
   validates_uniqueness_of :address, :case_sensitive => false,
     :if => Proc.new {|email| email.address_changed? && email.address.present?}
 
+  safe_attributes 'address'
+
   def address=(arg)
     write_attribute(:address, arg.to_s.strip)
   end
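Review bot: The removed `attrs.is_a?(Hash)` guard is no longer performed in the controller; the new `@address.safe_attributes = params[:email_address]` line hands whatever arrives under that key (a Hash, but also a String or Array from a crafted form post) straight to `Redmine::SafeAttributes#safe_attributes=`, whose handling of a non-Hash argument is not visible in this diff and should be confirmed to ignore such input rather than raise. The previous explicit `.to_s` coercion is now covered by the model's `address=` setter (`arg.to_s.strip`), so that part is fine. Since the allowlist moved out of this file, a short comment at the call site would keep the intent discoverable: `# Allowed keys are declared in EmailAddress via safe_attributes (currently only 'address')`. The enclosing create action starts before and ends after this hunk.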
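Review bot: `safe_attributes 'address'` is the complete mass-assignment allowlist for this model, and it is intentionally narrower than the columns the controller sets itself (`:user` and `:is_default` are passed to `EmailAddress.new` in the controller hunk, not through `safe_attributes=`); that intent deserves a comment so a later maintainer does not "helpfully" add them, e.g. `# Only the address is user-settable; user and is_default are assigned by the controller, never from params`. The `include Redmine::SafeAttributes` in the first model hunk is the only other change and needs no note on its own.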