diff --git a/www/index.php b/www/index.php
index cdab45dbf8fb1c82bb5b00ffb7008540b23256c3..76ef3c7126fbcb09602c13e1f2ac67fa38408629 100644
--- a/www/index.php
+++ b/www/index.php
@@ -61,7 +61,7 @@ $params = array(
 if (!empty($apiKey)) {
     $params['key'] = $apiKey;
 }
-$page->addScript('//www.google.com/jsapi?' . http_build_query($params));
+$page->addScript(htmlspecialchars('//www.google.com/jsapi?' . http_build_query($params)));
 $page->addStyleSheet('css/search.css');
 
 //u is referring site