diff --git a/extension/qfq/qfq/helper/Ldap.php b/extension/qfq/qfq/helper/Ldap.php
index 8f4b3161dac53464a56d4e19d2a2cb4aaf32d519..ffbf3a716e50c52b91421fc814845e4cf8cc09a8 100644
--- a/extension/qfq/qfq/helper/Ldap.php
+++ b/extension/qfq/qfq/helper/Ldap.php
@@ -135,7 +135,7 @@ class Ldap {
             // Collect all attributes
             foreach ($attr as $key) {
                 $value = isset($info[0][$key][0]) ? $info[0][$key][0] : '';
-                $arr[$key] = $value;
+                $arr[$key] = htmlentities($value);
             }
         }
         ldap_close($ds);
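Review bot: `htmlentities($value)` on the added line relies on the default flags and charset, which differ between PHP versions and ini settings. Before PHP 8.1 the default leaves single quotes unescaped, and without `ENT_SUBSTITUTE` a value containing bytes that are invalid in the target charset is returned as an empty string, so the attribute is silently lost. I would write `$arr[$key] = htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (assuming the directory delivers UTF-8) and pass the same arguments at the `$args[] = ...` line in the second hunk. The enclosing method starts and ends outside this hunk.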
@@ -193,7 +193,7 @@ class Ldap {
         $args = array($format);
 
         foreach ($keyArr as $key) {
-            $args[] = (isset($infoElement[$key][0])) ? $infoElement[$key][0] : '';
+            $args[] = (isset($infoElement[$key][0])) ? htmlentities($infoElement[$key][0]) : '';
         }
 
         return call_user_func_array('sprintf', $args);
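Review bot: The string returned here is now entity-encoded in its substituted LDAP values while `$format` is inserted as-is, and nothing visible in the hunk tells callers about that contract. A caller that encodes the result again would produce double-encoded output such as `&amp;amp;`, and any use outside an HTML context (none is visible here, so this is an assumption to check) would carry entities in the data. I would add a comment above the loop: `// LDAP values are HTML-entity-encoded here; $format is trusted and inserted unchanged. Callers must not encode the result again.` The method's signature and docblock are outside the hunk, so the same sentence may belong there as well.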