diff --git a/reset.php b/reset.php
index bc31c25..6061e54 100644
--- a/reset.php
+++ b/reset.php
@@ -62,8 +62,8 @@ if (isset($_POST['resetkey']) && $_POST['resetkey'] !='' && $_POST['password_upd
 $resetkey = $_POST['resetkey'];
 //Clean up passwords
- $password = trim($_POST["password"]);
- $confirm_password = trim($_POST["password_update"]);
+ $password = htmlspecialchars(trim($_POST["password"]), ENT_QUOTES);
+ $confirm_password = htmlspecialchars(trim($_POST["password_update"]), ENT_QUOTES);
 //Check if passwords are equal
 if ($password == $confirm_password){
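Review bot: HTML-encoding the two password fields with `htmlspecialchars(..., ENT_QUOTES)` alters the secret itself instead of protecting anything: a password containing `&`, `<`, `>`, `"` or `'` is compared and (presumably, since the hashing step is outside the hunk) stored in its entity-encoded form. Unless the login path applies exactly the same encoding, those users can no longer authenticate, and the longer encoded string can push characters past a hash input limit such as bcrypt's 72 bytes. A password should never be rendered into HTML, so output escaping does not belong at this point; keep the assignments as `$password = trim($_POST["password"]);` and escape only where a value is actually echoed into a page. The comparison on the following context line would also be stricter as `if ($password === $confirm_password){`, because `==` treats numeric-looking strings such as `1e3` and `1000` as equal. The enclosing `if (isset($_POST['resetkey']) ...` block starts and ends outside the hunk.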