diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index 0e0ba60eb..238072535 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -30,8 +30,8 @@ namespace OPNsense\Base;
 use OPNsense\Core\Config;
+use OPNsense\Base\ViewTranslator;
 use Phalcon\Mvc\Controller;
-use Phalcon\Translate\Adapter\Gettext;
 /**
 * Class ControllerBase implements core controller for OPNsense framework
@@ -42,7 +42,7 @@ class ControllerBase extends ControllerRoot
 /**
 * translate a text
 * @param OPNsense\Core\Config $cnf config handle
- * @return Gettext
+ * @return ViewTranslator
 */
 public function getTranslator($cnf)
 {
@@ -57,7 +57,7 @@ class ControllerBase extends ControllerRoot
 $lang_encoding = $lang . '.UTF-8';
- $ret = new Gettext(array(
+ $ret = new ViewTranslator(array(
 'directory' => '/usr/local/share/locale',
 'defaultDomain' => 'OPNsense',
 'locale' => $lang_encoding,
diff --git a/src/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php b/src/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php
new file mode 100644
index 000000000..f2c599802
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php
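Review bot: The added `use OPNsense\Base\ViewTranslator;` in the first hunk is redundant, because ControllerBase.php already declares `namespace OPNsense\Base;` (visible in that hunk's header) and the class resolves unqualified; it is harmless but reads as if the class lived elsewhere, so drop the line and keep the `use` block alphabetised. The `@return ViewTranslator` docblock update in the second hunk is fine but could be made precise by noting that the returned adapter HTML-escapes every translated string, which callers of `getTranslator()` that emit into non-HTML contexts need to know. The body of `getTranslator()` continues past the third hunk, so the remaining constructor arguments were not reviewed.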
@@ -0,0 +1,45 @@
+
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Base;
+
+use Phalcon\Translate\Adapter\Gettext;
+
+/**
+ * Class ViewTranslator XSS-safe Gettext wrapper
+ * @package OPNsense\Base
+ */
+class ViewTranslator extends Gettext
+{
+ public function _($translateKey, $placeholders = null)
+ {
+ $translateValue = parent::_($translateKey, $placeholders);
+ /* gettext() embedded in JavaScript can cause syntax errors */
+ return htmlspecialchars($translateValue, ENT_QUOTES | ENT_HTML401);
+ }
+}
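Review bot: `htmlspecialchars($translateValue, ENT_QUOTES | ENT_HTML401)` in `_()` omits ENT_SUBSTITUTE and an explicit charset, so a catalog entry containing an invalid UTF-8 byte sequence makes htmlspecialchars() return an empty string and the translation silently disappears from the page; prefer `return htmlspecialchars($translateValue, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE, 'UTF-8');`. The comment above that line misstates what the call achieves: entity encoding is HTML-context escaping, not JavaScript escaping, and a value emitted inside an inline script block would carry literal `&#039;` / `&quot;` sequences rather than being syntactically safe, so replace it with `/* escape for HTML body/attribute context only; values placed in inline JavaScript still need json_encode() */` and say the same in the class docblock, where "XSS-safe" currently reads as context-independent. If Phalcon's base adapter implements `_()` by delegating to `query()` (as some versions do), overriding only `_()` leaves direct `query()` calls unescaped, which is worth confirming against the installed Phalcon version and, if so, moving the escaping into a `query()` override. Note also that any catalog entries that intentionally contain markup will now render as escaped text in every view using `getTranslator()`, and templates that already apply Volt's escape filter will double-encode; both are behavior changes the commit message should call out.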