diff --git a/addons/report/controllers/main.py b/addons/report/controllers/main.py
index d2df2b0db98..6a8f06c8d90 100644
--- a/addons/report/controllers/main.py
+++ b/addons/report/controllers/main.py
@@ -22,6 +22,7 @@
 from openerp.addons.web.http import Controller, route, request
 from openerp.addons.web.controllers.main import _serialize_exception
 from openerp.osv import osv
+from openerp.tools import html_escape
 
 import simplejson
 from werkzeug import exceptions, url_decode
@@ -137,7 +138,7 @@ class ReportController(Controller):
                 'message': "Odoo Server Error",
                 'data': se
             }
-            return request.make_response(simplejson.dumps(error))
+            return request.make_response(html_escape(simplejson.dumps(error)))
 
     @route(['/report/check_wkhtmltopdf'], type='json', auth="user")
     def check_wkhtmltopdf(self):