diff --git a/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl b/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl
index c04a7341d4971511e7777df044dc3b36b0db34e6..dea10cf2bb9f9de46f2dfd1a372970e0ff97b513 100644
--- a/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl
+++ b/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl
@@ -47,7 +47,7 @@
                             </div>
                             <div class="col-lg-6">
                                 {if !empty($TO)}
-                                    {assign var=TO_EMAILS value=","|implode:$TO}
+                                    {assign var=TO_EMAILS value=","|implode:$TO|htmlentities}
                                 {/if}
                                 <input id="emailField" style="width:100%" name="toEmail" type="text" class="autoComplete sourceField select2" data-rule-required="true" data-rule-multiEmails="true" value="{$TO_EMAILS}" placeholder="{vtranslate('LBL_TYPE_AND_SEARCH',$MODULE)}">
                             </div>