diff --git a/lib/rsslib.php b/lib/rsslib.php
index 9e74211..bb54da2 100644
--- a/lib/rsslib.php
+++ b/lib/rsslib.php
@@ -550,7 +550,7 @@ function rss_get_form($act='none', $url='', $rssid='', $preferredtitle='', $shar
     $returnstring .= '<input type="hidden" name="blogid" value="'. $blogid .'" />'."\n";
     $returnstring .= '<input type="hidden" name="user" value="'. $USER->id .'" />'."\n";
     $returnstring .= '<br /><input type="submit" value="';
-    $validatestring = "<a href=\"#\" onclick=\"window.open('http://feedvalidator.org/check.cgi?url='+getElementById('block_rss').elements['url'].value,'validate','width=640,height=480,scrollbars=yes,status=
+    $validatestring = "<a href=\"#\" onclick=\"window.open('http://feedvalidator.org/check.cgi?url='+escape(getElementById('block_rss').elements['url'].value),'validate','width=640,height=480,scrollbars=yes
 
     if ($act == 'rssedit') {
         $returnstring .= $stredit;
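Review bot: The `escape()` call added to the `onclick` handler in `$validatestring` is the deprecated JavaScript encoder and is not a full query-component encoder. It leaves `+` (and `@`, `*`, `/`) untouched and turns non-ASCII characters into `%uXXXX` sequences. A feed URL containing `+` or international characters may therefore reach the validator altered, since `+` is commonly decoded as a space and `%uXXXX` is not standard percent-encoding. Use `encodeURIComponent` instead: `'...check.cgi?url='+encodeURIComponent(getElementById('block_rss').elements['url'].value)`. It percent-encodes `&`, `#`, `=`, `+` and UTF-8 bytes, so the user-typed value cannot add or truncate parameters in the opened URL. The body of `rss_get_form` starts and ends outside this hunk, so the rest of the string is not reviewed here.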
