diff --git a/workflow/engine/methods/cases/proxyDataCombobox.php b/workflow/engine/methods/cases/proxyDataCombobox.php
index f7528e39e..a0d65d2df 100755
--- a/workflow/engine/methods/cases/proxyDataCombobox.php
+++ b/workflow/engine/methods/cases/proxyDataCombobox.php
@@ -5,8 +5,8 @@
  */
 
 $appUid    = isset($_POST["appUid"])? $_POST["appUid"] : "";
-$dynUid    = isset($_POST["dynUid"])? $_POST["dynUid"] : "";
-$proUid    = isset($_POST["proUid"])? $_POST["proUid"] : "";
+$dynUid    = isset($_POST["dynUid"])? htmlspecialchars($_POST["dynUid"]) : "";
+$proUid    = isset($_POST["proUid"])? htmlspecialchars($_POST["proUid"]) : "";
 $fieldName = isset($_POST["fieldName"])? $_POST["fieldName"] : "";
 
 $filename = $proUid . PATH_SEP . $dynUid . ".xml";