diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 3c72f8a6..9e1a9128 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -403,7 +403,7 @@ function package_details($id=0) {
 					print "</span>";
 					print "<tr><td class='boxSoft'>";
 					print "<code>\n";
-					print str_replace('"',"&quot;", stripslashes($carr["Comments"]));
+					print str_replace('"',"&quot;", htmlspecialchars(strip_tags(stripslashes($carr["Comments"]))));
 					print "</code>\n";
 					print "</td></tr>\n";
 					print "</table>\n";