diff -ruN e-smith-hosts-2.0.0.old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/hostentries.pm e-smith-hosts-2.0.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/hostentries.pm
--- e-smith-hosts-2.0.0.old/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/hostentries.pm 2008-10-07 18:35:49.000000000 +0100
+++ e-smith-hosts-2.0.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/hostentries.pm 2011-03-10 22:05:37.000000000 +0000
@@ -33,6 +33,7 @@
 use Exporter;
 use Carp;
 use Net::IPv4Addr;
+use HTML::Entities;
 our @ISA = qw(esmith::FormMagick Exporter);
@@ -202,7 +203,7 @@
 $self->print_td($self->localise($host_record->prop('HostType')) || " ");
 $self->print_td($ip);
 $self->print_td($host_record->prop('MACAddress') || " ");
- $self->print_td($host_record->prop('Comment') || " ");
+ $self->print_td(HTML::Entities::encode($host_record->prop('Comment')) || " ");
 my $static = $host_record->prop('static') || "no";
 if ($static ne 'yes') {
 my $propstring = $self->build_host_cgi_params($host_record->key(), $host_record->props());
@@ -246,7 +247,7 @@
 global_ip => $oldprops{ExternalIP},
 ethernet_address => $oldprops{MACAddress},
 hosttype => $oldprops{HostType},
- comment => $oldprops{Comment},
+ comment => HTML::Entities::encode($oldprops{Comment}),
 );
 return $self->props_to_query_string(\%props);
@@ -455,7 +456,7 @@
 next unless $val;
 my $label = $label_map{$f} || uc($f);
 print $q->Tr (esmith::cgi::genSmallCell($q, $self->localise($label),"normal"),
- esmith::cgi::genSmallCell($q, $val,"normal"));
+ esmith::cgi::genSmallCell($q, HTML::Entities::encode($val),"normal"));
 }
 print qq();
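Review bot: In the `@@ -202,7 +203,7 @@` hunk only the Comment cell is escaped; the `MACAddress` cell on the line above it and `$ip` are still handed to `print_td` raw. Unless those properties are strictly validated when they are saved (not visible here), they are the same stored-markup sink and should be wrapped the same way, e.g. `HTML::Entities::encode_entities($host_record->prop('MACAddress'))`. It is also worth confirming that `print_td` does not escape on its own, since that would double-encode the comment. As far as I know `encode` is an undocumented alias of `encode_entities`, so the documented name would read more clearly here and at the two later call sites. The enclosing sub starts and ends outside the hunk.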
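Review bot: In the `@@ -246,7 +247,7 @@` hunk, HTML-entity encoding is applied to a value that is about to become a query-string parameter via `props_to_query_string(\%props)`, which is the wrong escaping for that context. If that helper URL-escapes its values (its body is outside the hunk, so confirm), the receiving page gets the literal entity text as the comment. The `genSmallCell` hunk below would then encode it a second time if `$val` comes from the request, and a re-submitted form could store the entities. I would keep `comment => $oldprops{Comment},` here and HTML-escape the finished query string once, where it is written into the link's `href`. That also covers the other `%props` values, which this change leaves unescaped.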