diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index 496a8f2e25103fb64d863e5fbb81ddb98ea75bfd..63621d56a82f97ad9792e4f09a70b5e2d6699690 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -763,7 +763,7 @@ class ExtraFields
 }
 elseif ($type == 'phone')
 {
- $out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="20" value="'.$value.'" '.($moreparam?$moreparam:'').'>';
+ $out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="20" value="'.htmlentities($value).'" '.($moreparam?$moreparam:'').'>';
 }
 elseif ($type == 'price')
 {
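Review bot: The new `htmlentities($value)` in the 'phone' branch relies on PHP's default flags and charset, so its output varies with the PHP version and `default_charset`, and older defaults leave single quotes unencoded (harmless in this double-quoted attribute, but fragile). Spelling it out as `value="'.htmlspecialchars($value, ENT_QUOTES, 'UTF-8').'"` (assuming pages are served as UTF-8) pins the behaviour. `$moreparam` is still concatenated raw into the tag, so a comment such as `// $moreparam is raw attribute markup: callers must pass trusted, developer-written strings only` would document the remaining trust assumption. The enclosing method starts and ends outside this hunk; if the neighbouring type branches also write `$value` into a `value="…"` attribute, they need the same encoding, otherwise stored extrafield values can still break out of the attribute there.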