Index: typo3/backend.php
===================================================================
--- typo3/backend.php	(revision 6908)
+++ typo3/backend.php	(working copy)
@@ -103,7 +103,9 @@
 			'js/iecompatibility.js',
 			'js/flashupload.js',
 			'../t3lib/jsfunc.evalfield.js',
-			'ajax.php?ajaxID=ExtDirect::getAPI&namespace=TYPO3.Backend'
+			htmlspecialchars(
+				'ajax.php?ajaxID=ExtDirect::getAPI&namespace=TYPO3.Backend'
+			),
 		);
 
 		$this->jsFilesAfterInline = array(