diff --git a/modules/notes/notes_ajax_content.php b/modules/notes/notes_ajax_content.php
index ad01f0a86aa89aaad6c3bd56ef8a3857b7da2dab..d2f3f30224b896a59c357dce4a113dc3024396b8 100755
--- a/modules/notes/notes_ajax_content.php
+++ b/modules/notes/notes_ajax_content.php
@@ -382,7 +382,7 @@ switch ($mode) {
                     $content .= '</option>';
                 }
                 $content .= '</select><br />';
-                $content .= '<textarea style="width:500px" cols="70" rows="10"  name="notes"  id="notes">'.$notes.'</textarea>';
+                $content .= '<textarea style="width:500px" cols="70" rows="10"  name="notes"  id="notes">'.functions::xssafe($notes).'</textarea>';
                 $content .= '<h3 class="sstit" style="color: red">'._THIS_NOTE_IS_VISIBLE_BY.'</h3>';
                 $content .= '<table align="center" width="100%" id="template_entities">';
                 $content .= '<tr><td width="20%" align="center">';
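Review bot: The escaping added here covers only the textarea body, while the `<option>` entries assembled by the loop that closes just above are appended to the same `$content` string, and that loop body starts outside this hunk. If those option values or labels come from stored or user-editable data, they need the same `functions::xssafe()` treatment, so it is worth checking them in this commit. The definition of `xssafe()` is also not part of the diff: in a textarea it should entity-encode `<`, `>` and `&` rather than strip markup, otherwise editing and re-saving a note would silently change its text. A short comment on the new line would help the next reader, for example `// $notes is user-supplied: encode for HTML text context before echoing into the form`.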