diff --git a/product/PortalTransforms/transforms/safe_html.py b/product/PortalTransforms/transforms/safe_html.py
index 7275e236b65b92a10e04383082d291f1ad8a3969..de232353d90001fcb33c8c68e7e894de22e0549c 100644
--- a/product/PortalTransforms/transforms/safe_html.py
+++ b/product/PortalTransforms/transforms/safe_html.py
@@ -219,7 +219,7 @@ class StrippingParser(HTMLParser):
                             self.original_charset = match.group('charset')
                         v = charset_parser.sub(
                             CharsetReplacer(self.default_encoding), v)
-                    self.result.append(' %s="%s"' % (k, v))
+                    self.result.append(' %s="%s"' % (k, escape(v, True)))
 
             #UNUSED endTag = '</%s>' % tag
             if safeToInt(self.valid.get(tag)):