diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php
index 045d99e39a..5d10140173 100644
--- a/actions/peoplesearch.php
+++ b/actions/peoplesearch.php
@@ -158,7 +158,7 @@ class PeoplesearchAction extends Action {
function highlight($text, $terms) {
$pattern = '/('.implode('|',array_map('htmlspecialchars', $terms)).')/i';
- $result = preg_replace($pattern, '\\1', $text);
+ $result = preg_replace($pattern, '\\1', htmlspecialchars($text));
return $result;
}
}
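Review bot: The `$pattern` line in `highlight()` HTML-escapes each search term but never regex-quotes it, so the terms are still interpolated into the PCRE pattern as raw syntax even after this change escapes `$text`. A term containing the `/` delimiter or an unbalanced metacharacter makes `preg_replace` fail and return null (the function would then presumably render nothing), and a crafted term can supply a costly pattern of its own. I would quote each term after escaping it, e.g. `$pattern = '/('.implode('|', array_map(function ($t) { return preg_quote(htmlspecialchars($t), '/'); }, $terms)).')/i';`. Two smaller points to confirm, since where `$terms` comes from is outside the hunk: an empty `$terms` yields `/()/i`, which matches at every position, and now that `$text` is escaped first, a term such as `amp` or `quot` can match inside the entities `htmlspecialchars` produces.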