diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index be1c17b65..5e4d1825a 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -180,6 +180,8 @@ function my_error($code) {
 }
 
 function mk_option($select, $value, $text, $extra="") {
+  $value = htmlspecialchars($value);
+  $text = htmlspecialchars($text);
   return "<option value='$value'".($value == $select ? " selected" : "").(strlen($extra) ? " $extra" : "").">$text</option>";
 }