diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 1fae70e4496f555d01bd4281aed9829f7746887e..4f2997f1889eea2af3c28d80bea9a1f971858fc5 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -190,7 +190,7 @@ class Utils {
 }
 public static function fromPostOrDefault($postKey, $default = '') {
- return !empty($_POST[$postKey]) ? Utils::htmlEscape($_POST[$postKey]) : $default;
+ return !empty($_POST[$postKey]) ? $_POST[$postKey] : $default;
 }
 public static function base64url_encode($input) {
diff --git a/tpl/create_poll.tpl b/tpl/create_poll.tpl
index 3e42d9b062f312db231a1156ceccdd8f29fbc389..780431eacbc44371eba3328474eff9234d088268 100644
--- a/tpl/create_poll.tpl
+++ b/tpl/create_poll.tpl
@@ -42,7 +42,7 @@
 <input id="customize_id" name="customize_id" type="checkbox"/>
 </span>
 <input id="poll_id" type="text" name="id" class="form-control" {$errors['id']['aria']}
- value="{$poll_id}" aria-describedBy="pollIdDesc" disabled="disabled" maxlength="64"
+ value="{$poll_id|html}" aria-describedBy="pollIdDesc" disabled="disabled" maxlength="64"
 pattern="[A-Za-z0-9-]+"/>
 </div>
 <span id="pollIdDesc" class="help-block">{__('Step 1', 'Poll id rules')}</span>
@@ -104,7 +104,7 @@
 {if $useRemoteUser}
 <input type="hidden" name="mail" value="{$form->admin_mail}">{$form->admin_mail}
 {else}
- <input id="email" type="text" name="mail" class="form-control" {$errors['email']['aria']} value="{$poll_mail}" />
+ <input id="email" type="text" name="mail" class="form-control" {$errors['email']['aria']} value="{$poll_mail|html}" />
 {/if}
 </div>
 </div>
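Review bot: `fromPostOrDefault` now returns the request value unescaped, so every place that prints its result has to encode at output; this commit updates only two sinks in tpl/create_poll.tpl, and the helper's other callers sit outside this diff and need the same check before merge. Document the new contract on the method, e.g. `/** Returns the raw, unescaped POST value or $default; encode at the point of output. */`. The value can also be an array when a field is posted as `name[]`, so consider `return !empty($_POST[$postKey]) && is_string($_POST[$postKey]) ? $_POST[$postKey] : $default;`. The rest of class Utils is outside the hunk.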
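Review bot: `value="{$poll_id|html}"` sits inside a double-quoted attribute, so the `html` modifier has to encode `"` (and ideally `'`) as well as `<`, `>` and `&`; the modifier's definition is not part of this diff, so confirm that before relying on it. The same applies to `{$poll_mail|html}` in the @@ -104 hunk. `pattern="[A-Za-z0-9-]+"` and `maxlength="64"` only constrain the browser, so the server-side check on the poll id (not visible here) remains the actual control. The surrounding form markup starts and ends outside the hunk.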
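Review bot: The `{if $useRemoteUser}` branch still prints `{$form->admin_mail}` twice without the modifier, once inside `value="…"` and once as element text, while the `{else}` branch is now escaped. Where that address comes from is not visible in the hunk; unless it is guaranteed to contain no markup characters, it should be encoded the same way: `<input type="hidden" name="mail" value="{$form->admin_mail|html}">{$form->admin_mail|html}`. The enclosing form markup starts and ends outside the hunk.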