diff --git a/wire/core/ProcessController.php b/wire/core/ProcessController.php
index 8a182cd4c..94cfebff1 100644
--- a/wire/core/ProcessController.php
+++ b/wire/core/ProcessController.php
@@ -81,6 +81,7 @@ class ProcessController extends Wire {
 	 *
 	 */
 	public function __construct() {
+		parent::__construct();
 		$this->prefix = 'Process';
 		$this->processMethodName = ''; // blank indicates default/index method
 	}
@@ -463,13 +464,15 @@ protected function getViewFile(Process $process, $method = '') {
 	 *
 	 * @param string $msg
 	 * @param bool $error
+	 * @param bool $allowMarkup
 	 * @return string JSON encoded string
 	 *
 	 */
-	public function jsonMessage($msg, $error = false) {
+	public function jsonMessage($msg, $error = false, $allowMarkup = false) {
+		if(!$allowMarkup) $msg = $this->wire()->sanitizer->entities($msg);
 		return json_encode(array(
-			'error' => $error,
-			'message' => $msg
+			'error' => (bool) $error,
+			'message' => (string) $msg
 		));
 	}
diff --git a/wire/modules/Process/ProcessPageLister/ProcessPageListerBookmarks.php b/wire/modules/Process/ProcessPageLister/ProcessPageListerBookmarks.php
index 20efa0fde..db2bb0a3d 100644
--- a/wire/modules/Process/ProcessPageLister/ProcessPageListerBookmarks.php
+++ b/wire/modules/Process/ProcessPageLister/ProcessPageListerBookmarks.php
@@ -445,6 +445,7 @@ public function executeEditBookmark() {
 		$deleteBookmarkID = $this->bookmarks->_bookmarkID($input->post('delete_bookmark'));
 		if($deleteBookmarkID) {
+			$session->CSRF()->validate();
 			if($this->bookmarks->deleteBookmarkByID($deleteBookmarkID)) {
 				$this->message($this->_('Deleted bookmark'));
 			} else {
@@ -455,7 +456,9 @@ public function executeEditBookmark() {
 		}
 		if($input->post('bookmark_title')) {
-			return $this->executeSaveBookmark();
+			$session->CSRF()->validate();
+			$this->executeSaveBookmark();
+			return '';
 		}
 		$bookmarkID = $this->bookmarks->_bookmarkID($input->get('bookmark'));
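Review bot: The new default in jsonMessage() entity-encodes every message, so any existing caller that deliberately passed markup now gets the tags rendered literally unless it is updated to pass `true` for $allowMarkup; the docblock should state that contract, e.g. `@param bool $allowMarkup Allow HTML in $msg? Default false entity-encodes it; when true the caller is responsible for escaping.` The `(string)` cast protects the array value, but json_encode() itself still returns false when $msg contains invalid UTF-8, so the documented `@return string` is not guaranteed; checking the result for false (or passing `JSON_THROW_ON_ERROR` if the supported PHP version allows) would close that gap. Note also that entities() escapes for an HTML context while the output is JSON, which is only correct if the JavaScript consumer inserts `message` as HTML — presumably it does, and a one-line comment saying so would stop the next maintainer from "fixing" it.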
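Review bot: Both new `$session->CSRF()->validate()` calls (here and in the following `bookmark_title` hunk of the same file) sit inside individual POST branches, so a future branch acting on another posted field could silently skip the check; a single validate() at the point where executeEditBookmark() first acts on POST data covers every branch at once, e.g. `if($input->post('delete_bookmark') || $input->post('bookmark_title')) $session->CSRF()->validate();` placed ahead of the delete branch. executeEditBookmark() starts outside the hunk, so I am assuming `$session` and `$input` are assigned there from `$this->wire()`. It is also worth confirming that validate() does not consume or reset the token, since a submission carrying both `delete_bookmark` and `bookmark_title` would hit validate() twice with the current layout.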
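Review bot: The return value of executeSaveBookmark() is now discarded and an empty string returned, which reads as intentional but leaves the reader guessing why nothing is rendered; presumably executeSaveBookmark() redirects on completion, and a comment such as `// executeSaveBookmark() redirects; nothing to render here` (after confirming that) would make it explicit. executeEditBookmark() continues outside the hunk on both sides.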