diff --git a/mod/quiz/questiontypes/shortanswer/questiontype.php b/mod/quiz/questiontypes/shortanswer/questiontype.php
index 9a9e93242d3a0..0d1ce9082e6e9 100644
--- a/mod/quiz/questiontypes/shortanswer/questiontype.php
+++ b/mod/quiz/questiontypes/shortanswer/questiontype.php
@@ -99,7 +99,7 @@ function save_question_options($question) {
             return true;
         }
     }
-    
+
     function print_question_formulation_and_controls($question,
             $quiz, $readonly, $answers, $correctanswers, $nameprefix) {
     /// This implementation is also used by question type NUMERICAL
@@ -115,7 +115,7 @@ function print_question_formulation_and_controls($question,
 
         $stranswer = get_string("answer", "quiz");
         if (isset($question->response[$nameprefix])) {
-            $value = ' value="'.$question->response[$nameprefix].'" ';
+            $value = ' value="'.htmlSpecialChars($question->response[$nameprefix]).'" ';
         } else {
             $value = ' value="" ';
         }