diff --git a/html/user/job_file.php b/html/user/job_file.php
index 799ac7af6d..c1028fe283 100644
--- a/html/user/job_file.php
+++ b/html/user/job_file.php
@@ -291,7 +291,7 @@ xml_header();
 $req = $_POST['request'];
 $r = simplexml_load_string($req);
 if (!$r) {
-    xml_error(-1, "can't parse request message: $req", __FILE__, __LINE__);
+    xml_error(-1, "can't parse request message: ".htmlspecialchars($req), __FILE__, __LINE__);
 }
 
 switch($r->getName()) {