diff --git a/main/document/document.php b/main/document/document.php
index 9ebfeeac5e..17837084b7 100755
--- a/main/document/document.php
+++ b/main/document/document.php
@@ -1995,7 +1995,7 @@ if (!empty($documentAndFolders)) {
 );
 // Document title with link and comment
- $titleWithLink = $link.$session_img.'
'.$invisibility_span_open;
+ $titleWithLink = Security::remove_XSS($link.$session_img.'
'.$invisibility_span_open);
 $commentText = nl2br(htmlspecialchars($document_data['comment'], ENT_QUOTES, $charset));
 if (!empty($commentText)) {
 $titleWithLink .= ''.$commentText.'';
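Review bot: `Security::remove_XSS()` is applied here to the whole composed fragment rather than to the untrusted value inside it, so the filter also rewrites markup this script generates itself. The fragment ends with `$invisibility_span_open`, which by its name is an opening tag closed further down; if the filter balances tags it may close or drop that span before the comment text is appended on the following lines, which is worth checking on a document marked invisible. A narrower fix would escape the user-controlled part (presumably the title inside `$link`, which is built outside this hunk) at the point where it is interpolated. If the wrapper stays, a comment such as `// $link embeds the user-supplied title; filter the composed HTML before output` would record why, and since the surrounding `if (!empty($documentAndFolders))` block begins and ends outside the hunk, other sinks for the same value cannot be checked from here.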