diff --git a/ChangeLog b/ChangeLog
index abaf739da..9ece09dfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset legend 
 - bug #1764735 [core] Designer: PDF error when deleting a table
 - bug #1764195 [views] DROP button does not work on defective views 
+- bug #1805773 [relations] browse foreign values: return values not escaped,
+  thanks to Alex Rambau
 
 2.11.1.0 (2007-09-20)
 
diff --git a/browse_foreigners.php b/browse_foreigners.php
index 4d2670aa4..d9d4673c0 100644
--- a/browse_foreigners.php
+++ b/browse_foreigners.php
@@ -247,7 +247,7 @@ if (isset($disp_row) && is_array($disp_row)) {
             .'<a href="#" title="' . $strUseThisValue
             . ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
             .' onclick="formupdate(\'' . md5($field) . '\', \''
-            . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
+            . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
             .htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
         ?></td>
         <td>
@@ -255,7 +255,7 @@ if (isset($disp_row) && is_array($disp_row)) {
         echo ($key_ordered_current_equals_data ? '<b>' : '')
             . '<a href="#" title="' . $strUseThisValue . ($key_ordered_current_val_title != '' ? ': '
             . $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
-            . md5($field) . '\', \'' . htmlspecialchars($key_ordered_current_key) . '\'); return false;">'
+            . md5($field) . '\', \'' . htmlspecialchars(addslashes($key_ordered_current_key)) . '\'); return false;">'
             . $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</b>' : '');
         ?></td>
         <td width="20%">
@@ -267,7 +267,7 @@ if (isset($disp_row) && is_array($disp_row)) {
         echo ($val_ordered_current_equals_data ? '<b>' : '')
             . '<a href="#" title="' . $strUseThisValue .  ($val_ordered_current_val_title != '' ? ': '
             . $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
-            . '\', \'' . htmlspecialchars($val_ordered_current_key) . '\'); return false;">'
+            . '\', \'' . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">'
             . $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
         ?></td>
         <td nowrap="nowrap">
@@ -275,7 +275,7 @@ if (isset($disp_row) && is_array($disp_row)) {
         echo ($val_ordered_current_equals_data ? '<b>' : '') . '<a href="#" title="'
         . $strUseThisValue .  ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
         . '" onclick="formupdate(\'' . md5($field) . '\', \''
-        . htmlspecialchars($val_ordered_current_key) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
+        . htmlspecialchars(addslashes($val_ordered_current_key)) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
         . '</a>' . ($val_ordered_current_equals_data ? '</b>' : '');
         ?></td>
     </tr>