diff --git a/dev/Debug.php b/dev/Debug.php
index b7369995e..a4be32329 100644
--- a/dev/Debug.php
+++ b/dev/Debug.php
@@ -532,9 +532,9 @@ class Debug {
 				} else {
 					$name = self::full_func_name($item,true);
 				}
-				$result .= "<li><b>" . $name . "</b>\n<br />\n";
+				$result .= "<li><b>" . htmlentities($name) . "</b>\n<br />\n";
 				$result .= isset($item['line']) ? "Line $item[line] of " : '';
-				$result .=  isset($item['file']) ? basename($item['file']) : ''; 
+				$result .=  isset($item['file']) ? htmlentities(basename($item['file'])) : ''; 
 				$result .= "</li>\n";
 			}
 		}
diff --git a/dev/DebugView.php b/dev/DebugView.php
index b96061a0f..c19658ae4 100644
--- a/dev/DebugView.php
+++ b/dev/DebugView.php
@@ -96,8 +96,8 @@ class DebugView {
 	 */
 	public function writeInfo($title, $subtitle, $description=false) {
 		echo '<div class="info">';
-		echo "<h1>$title</h1>";
-		echo "<h3>$subtitle</h3>";
+		echo "<h1>" . Convert::raw2xml($title) . "</h1>";
+		echo "<h3>" . Convert::raw2xml($subtitle) . "</h3>";
 		if ($description) {
 			echo "<p>$description</p>";
 		} else {