diff --git a/lam/templates/upload/masscreate.php b/lam/templates/upload/masscreate.php
index 711b855e..80789871 100644
--- a/lam/templates/upload/masscreate.php
+++ b/lam/templates/upload/masscreate.php
@@ -142,7 +142,7 @@ if (isset($_POST['type'])) {
 // show start page
 $divClass = 'user';
 if (isset($_REQUEST['type'])) {
-	$divClass = \LAM\TYPES\getScopeFromTypeId($_REQUEST['type']);
+	$divClass = htmlspecialchars(\LAM\TYPES\getScopeFromTypeId($_REQUEST['type']));
 }
 echo '<div class="' . $divClass . '-bright smallPaddingContent">';
 echo "<div class=\"title\">\n";