diff --git a/ChangeLog b/ChangeLog
index 6806bf195..23d2c838d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@ $Source$
 2006-11-17 Michal Čihař  <michal@cihar.com>
     * sql.php, libraries/display_tbl.lib.php: Force pos to be integer to avoid
       XSS.
+    * left.php: Fix XSS on table comment.
 
 2006-11-09 Marc Delisle  <lem9@users.sourceforge.net>
     ### 2.9.1 released from MAINT_2_9_1
diff --git a/left.php b/left.php
index ef39a462e..9ffbe5cdb 100644
--- a/left.php
+++ b/left.php
@@ -533,8 +533,8 @@ function PMA_displayTableList($tables, $visible = false,
             }
             echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
                 .' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n"
-                .'<a href="' . $href . '" title="' . $table['Comment']
-                .' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')"'
+                .'<a href="' . $href . '" title="' . htmlspecialchars($table['Comment']
+                .' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows']) . ')"'
                 .' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">'
                 . htmlspecialchars($table['disp_name']) . '</a>';
             echo '</li>' . "\n";