diff --git a/ecrire/inc_utils.php b/ecrire/inc_utils.php
index 32356bd6fc8683d6dbaa57eeb3c04c04d06bb97e..852fca970558d1540c6eaa159656b08868092b25 100644
--- a/ecrire/inc_utils.php
+++ b/ecrire/inc_utils.php
@@ -295,6 +295,9 @@ function self($root = false) {
 		.'lang|set_options|set_couleur|set_disp|set_ecran|show_docs'
 		.')=[^&]*,i', '', $url);
 
+	// eviter les hacks
+	$url = htmlspecialchars($url);
+
 	return $url;
 }
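Review bot: The added `htmlspecialchars($url)` call relies on the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so a caller that places the result in a single-quoted attribute is still exposed; `$url = htmlspecialchars($url, ENT_QUOTES);` closes that gap. Escaping inside self() also means every caller now receives an HTML-encoded string, so any use outside HTML output (a redirect header, further query-string edits) would see `&amp;` or be escaped twice; the callers are not visible in this hunk, so that needs checking. The comment `// eviter les hacks` does not tell a maintainer what the contract is; something like `// returned URL is HTML-escaped: for output in HTML only, do not escape again` would. The body of self() starts above the hunk, so the source of `$url` could not be reviewed here.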