Fixed potential xss vulnerability

includes/qcodo/_core/qform/QFormBase.class.php

@@ -908,7 +908,7 @@ protected function RenderBegin($blnDisplayOutput = true) {
 				$strFormAttributes .= ' class="' . $this->strCssClass . '"';
 
 			// Setup Rendered HTML
-			$strToReturn .= sprintf('<form method="post" id="%s" action="%s"%s>', $this->strFormId, QApplication::$RequestUri, $strFormAttributes);
+			$strToReturn .= sprintf('<form method="post" id="%s" action="%s"%s>', $this->strFormId, QApplication::HtmlEntities(QApplication::$RequestUri), $strFormAttributes);
 			$strToReturn .= "\r\n";
 
 			// Include javascripts that need to be included