diff --git a/addons/base_import/controllers.py b/addons/base_import/controllers.py
index b926c6b2782..b0b2ab0714a 100644
--- a/addons/base_import/controllers.py
+++ b/addons/base_import/controllers.py
@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+import cgi
 import simplejson
 
 import openerp
@@ -17,4 +18,4 @@ class ImportController(openerp.addons.web.http.Controller):
         }, req.context)
 
         return 'window.top.%s(%s)' % (
-            jsonp, simplejson.dumps({'result': written}))
+            cgi.escape(jsonp), simplejson.dumps({'result': written}))