diff --git a/libraries/sqlparser.lib.php b/libraries/sqlparser.lib.php
index 488cde211..753f94cb6 100644
--- a/libraries/sqlparser.lib.php
+++ b/libraries/sqlparser.lib.php
@@ -2425,7 +2425,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
             }
             $after                 .= "\n";
 */
-            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
+            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
         } // end for
         if ($mode=='color') {
             $str .= '</span>';