diff --git a/html/user/gallery.inc b/html/user/gallery.inc
index 25773655f8..a3a3283a49 100755
--- a/html/user/gallery.inc
+++ b/html/user/gallery.inc
@@ -2,6 +2,7 @@
require_once("project_specific/project.inc");
require_once("profile.inc");
+require_once("sanitize_html.inc");
// Generates the html files which comprise the photo gallery.
// $room: which gallery to generate (user, computer).
@@ -301,7 +302,7 @@ function get_profile_summary($userid) {
if (strlen($row['response1']) != 0) {
- $description = "(\"" . substr($row['response1'], 0, MAX_DESC_LENGTH);
+ $description = "(\"" . sanitize_html(substr($row['response1'], 0, MAX_DESC_LENGTH));
if (strlen($row['response1']) >= MAX_DESC_LENGTH) {
$description = $description . "...";
}