diff --git a/plugins/tasklist/drivers/database/tasklist_database_driver.php b/plugins/tasklist/drivers/database/tasklist_database_driver.php
index 8e56923d..56f4cf71 100644
--- a/plugins/tasklist/drivers/database/tasklist_database_driver.php
+++ b/plugins/tasklist/drivers/database/tasklist_database_driver.php
@@ -76,6 +76,7 @@ class tasklist_database_driver extends tasklist_driver
         while ($result && ($arr = $this->rc->db->fetch_assoc($result))) {
           $arr['showalarms'] = intval($arr['showalarms']);
           $arr['active'] = !in_array($arr['id'], $hidden);
+          $arr['name'] = html::quote($arr['name']);
           $arr['editable'] = true;
           $this->lists[$arr['id']] = $arr;
           $list_ids[] = $this->rc->db->quote($arr['id']);
diff --git a/plugins/tasklist/tasklist_ui.php b/plugins/tasklist/tasklist_ui.php
index 0a9f3f1f..2b7cfe00 100644
--- a/plugins/tasklist/tasklist_ui.php
+++ b/plugins/tasklist/tasklist_ui.php
@@ -113,7 +113,7 @@ class tasklist_ui
             $li .= html::tag('li', array('id' => 'rcmlitasklist' . $html_id, 'class' => $class),
                 html::tag('input', array('type' => 'checkbox', 'name' => '_list[]', 'value' => $id, 'checked' => $prop['active'])) .
                 html::span('handle', ' ') .
-                html::span('listname', Q($prop['name'])));
+                html::span('listname', $prop['name']));
         }
 
         $this->rc->output->set_env('tasklists', $jsenv);
@@ -128,8 +128,10 @@ class tasklist_ui
      */
     function tasklist_select($attrib = array())
     {
-        $attrib['name'] = 'list';
+        $attrib['name']       = 'list';
+        $attrib['is_escaped'] = true;
         $select = new html_select($attrib);
+
         foreach ((array)$this->plugin->driver->get_lists() as $id => $prop) {
             if ($prop['editable'])
                 $select->add($prop['name'], $id);