--- typo3/class.db_list_extra.inc	Thu Sep 01 10:40:05 2011
+++ typo3/class.db_list_extra.inc	Thu Sep 01 10:38:46 2011
@@ -959,7 +959,7 @@
 											'</a>';
 						}
 					}
-					$theData[$fCol].=$this->addSortLink($LANG->sL(t3lib_BEfunc::getItemLabel($table,$fCol,'<i>[|]</i>')),$fCol,$table);
+					$theData[$fCol].=$this->addSortLink(htmlspecialchars($LANG->sL(t3lib_BEfunc::getItemLabel($table,$fCol,'<i>[|]</i>'))),$fCol,$table);
 				break;
 			}