diff --git a/includes/types/quest.class.php b/includes/types/quest.class.php
index f730222d..2c219a96 100644
--- a/includes/types/quest.class.php
+++ b/includes/types/quest.class.php
@@ -313,7 +313,7 @@ class QuestList extends BaseType
 if (!$this->curTpl)
 return null;
- $title = Util::jsEscape($this->getField('name', true));
+ $title = Util::jsEscape(htmlentities($this->getField('name', true)));
 $level = $this->curTpl['level'];
 if ($level < 0)
 $level = 0;
diff --git a/pages/quest.php b/pages/quest.php
index 36124c8b..f1a6c3e7 100644
--- a/pages/quest.php
+++ b/pages/quest.php
@@ -33,7 +33,8 @@ class QuestPage extends GenericPage
 if ($this->subject->error)
 $this->notFound();
- $this->name = $this->subject->getField('name', true);
+ // may contain htmlesque tags
+ $this->name = htmlentities($this->subject->getField('name', true));
 }
 protected function generatePath()
@@ -46,7 +47,8 @@ class QuestPage extends GenericPage
 protected function generateTitle()
 {
- array_unshift($this->title, $this->name, Util::ucFirst(Lang::game('quest')));
+ // page title already escaped
+ array_unshift($this->title, $this->subject->getField('name', true), Util::ucFirst(Lang::game('quest')));
 }
 protected function generateContent()
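Review bot: The `htmlentities()` call added in `QuestList` (`$title = Util::jsEscape(htmlentities(...))`) relies on PHP's default flags and charset, so on PHP versions before 8.1 single quotes are left unencoded and a name with an invalid byte sequence is returned as an empty string. Spelling the arguments out removes the dependency on the runtime: `htmlspecialchars($this->getField('name', true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, assuming quest names are stored as UTF-8; `htmlspecialchars` is enough for this purpose and leaves non-ASCII characters in localized names as they are. The same applies to the `htmlentities()` call added in the first hunk of pages/quest.php. The enclosing method starts and ends outside the hunk, so the context `$title` ends up in cannot be confirmed from here.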
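Review bot: Encoding at assignment in pages/quest.php (`$this->name = htmlentities(...)`) turns `$this->name` into an HTML-encoded string for every later reader, which is presumably why `generateTitle()` in the next hunk has to fetch the raw name again. Any consumer that encodes on output, or uses the value outside HTML, will now double-encode it or show literal entities. Consider keeping the raw value in the property and encoding where it is written into markup, or at least state the contract in the comment, e.g. `// $this->name is HTML-encoded from here on; do not escape it again on output`. The method's start and the templates that print `$this->name` are outside this diff, so this needs checking against them.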
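Review bot: The comment `// page title already escaped` in `generateTitle()` does not say where that escaping happens, while the line below it now places the unencoded quest name into `$this->title`. The safety of this line therefore depends entirely on the code that renders `$this->title`, which is not visible in this diff; if that code ever stops encoding, markup in a quest name would reach the page title verbatim. Once confirmed against the renderer, a comment that names the dependency would help, e.g. `// raw name on purpose: $this->title is HTML-escaped when the page head is rendered`.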