diff --git a/laravel/profiling/profiler.php b/laravel/profiling/profiler.php
index 360e4702930..a26396eeb88 100644
--- a/laravel/profiling/profiler.php
+++ b/laravel/profiling/profiler.php
@@ -148,6 +148,7 @@ public static function query($sql, $bindings, $time)
 $binding = Database::connection()->pdo->quote($binding);
 $sql = preg_replace('/\?/', $binding, $sql, 1);
+ $sql = htmlspecialchars($sql);
 }
 static::$data['queries'][] = array($sql, $time);
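Review bot: The added `htmlspecialchars($sql)` sits before the closing `}`, which appears to end the per-binding loop (its header is outside the hunk). If so, a query with no bindings is stored unescaped, and a query with several bindings is encoded once per iteration, so an `&lt;` from the first pass becomes `&amp;lt;` on the second. Move the call below the brace so it runs exactly once on the final string, directly before `static::$data['queries'][] = array($sql, $time);`. Pass the flags explicitly, `$sql = htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');`, because PDO::quote typically wraps values in single quotes, which the default flags leave unescaped on PHP before 8.1. Escaping in the profiler view at output time would be more robust still, since any other reader of `static::$data['queries']` would then get the raw SQL rather than HTML-encoded text.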