diff --git a/pages/account/43.php b/pages/account/43.php
index 70a2dc9..00aa647 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -66,7 +66,7 @@
       $row = mysql_fetch_assoc($res);
       $_REQUEST['userid'] = $row['id'];
     } else {
-      printf(_("No users found matching %s"), $email);
+      printf(_("No users found matching %s"), sanitizeHTML($email));
     }
   }