diff --git a/workflow/engine/methods/dynaforms/fields_Edit.php b/workflow/engine/methods/dynaforms/fields_Edit.php
index cb26cfda5..125ed576c 100755
--- a/workflow/engine/methods/dynaforms/fields_Edit.php
+++ b/workflow/engine/methods/dynaforms/fields_Edit.php
@@ -182,8 +182,9 @@ if (($RBAC_Response=$RBAC->userCanAccess("PM_FACTORY"))!=1) return $RBAC_Respons
 if( isset($Fields['PME_HINT']) ) {
- $Fields['PME_HINT'] = str_replace("\'", "'", $Fields['PME_HINT']);
- $Fields['PME_HINT'] = str_replace("&", "&", $Fields['PME_HINT']);
+ $Fields['PME_HINT'] = stripslashes($Fields['PME_HINT']);
+ $Fields['PME_HINT'] = htmlspecialchars_decode($Fields['PME_HINT']);
+ $Fields['PME_HINT'] = str_replace("'", "'", $Fields['PME_HINT']);
 }
 if (file_exists( PATH_XMLFORM . 'dynaforms/fields/' . $type . '.xml')) {
diff --git a/workflow/engine/methods/dynaforms/fields_Save.php b/workflow/engine/methods/dynaforms/fields_Save.php
index 86fad2938..b3eea978e 100755
--- a/workflow/engine/methods/dynaforms/fields_Save.php
+++ b/workflow/engine/methods/dynaforms/fields_Save.php
@@ -141,8 +141,11 @@ if (($RBAC_Response=$RBAC->userCanAccess("PM_FACTORY"))!=1) return $RBAC_Respons
 if ($_POST['form']['XMLNODE_NAME']==='') return;
-
 $attributes = $_POST['form'];
+
+ $attributes['HINT'] = addslashes($attributes['HINT']);
+ $attributes['HINT'] = htmlspecialchars($attributes['HINT'], ENT_QUOTES, "UTF-8");
+
 if (isset($attributes['CODE'])) $attributes['XMLNODE_VALUE'] = ($attributes['CODE']);
 $labels = array();
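Review bot: `htmlspecialchars_decode($Fields['PME_HINT'])` is called without flags, while fields_Save.php in this same commit encodes the value with `ENT_QUOTES`; on PHP releases where the decode default is `ENT_COMPAT` the single-quote entity is left in place, which is presumably why the extra `str_replace` on the following line exists. Passing the same flags, `$Fields['PME_HINT'] = htmlspecialchars_decode($Fields['PME_HINT'], ENT_QUOTES);`, makes the decode the exact inverse of the save-side encode and lets the `str_replace` line go. As rendered here, `str_replace("'", "'", …)` has identical search and replacement strings, so either an entity was lost in this view or the line is a no-op; if it does map an apostrophe entity to `'`, it also rewrites that sequence when it was literally part of the saved text, because `htmlspecialchars_decode` has already run once. Save applies addslashes before htmlspecialchars, so the strict inverse is decode then `stripslashes`; the order used here round-trips only because neither transform touches the other's characters, and that coupling deserves a comment such as `// inverse of addslashes()+htmlspecialchars(ENT_QUOTES) in fields_Save.php`.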
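Review bot: `$attributes['HINT']` is read unconditionally on the `addslashes` line, whereas the neighbouring `CODE` lookup and the matching fields_Edit.php code guard with `isset()`; a form post without a HINT key raises an undefined-index notice and stores an empty string. Wrap the two new lines in `if (isset($attributes['HINT'])) { … }`. `htmlspecialchars($attributes['HINT'], ENT_QUOTES, "UTF-8")` returns an empty string when the input is not valid UTF-8, so a malformed hint is silently discarded rather than rejected; add `ENT_SUBSTITUTE` to the flags (`ENT_QUOTES | ENT_SUBSTITUTE`) where the runtime supports it, or check the result before storing. Persisting a pre-escaped value ties the stored format to one output context, so a comment naming the pairing, `// stored escaped; fields_Edit.php reverses this before display`, would keep a later reader from escaping it a second time elsewhere.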