diff --git a/lam/templates/login.php b/lam/templates/login.php
index b438a9e9..50fa5c4f 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -71,7 +71,7 @@ if (isset($_GET['useProfile'])) {
 
 // save last selected language
 if (isset($_POST['language'])) {
-	setcookie('lam_last_language', $_POST['language'], time() + 365*60*60*24);
+	setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24);
 }
 
 // init some session variables