diff --git a/app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/File.php b/app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/File.php
index a9e440c5f73..2cf5194f248 100644
--- a/app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/File.php
+++ b/app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/File.php
@@ -43,7 +43,7 @@ protected function _getDeleteCheckbox()
         $html = '';
         if ((string)$this->getValue()) {
             $label = Mage::helper('adminhtml')->__('Delete File');
-            $html .= '<div>' . $this->getValue() . ' ';
+            $html .= '<div>'. Mage::helper('adminhtml')->escapeHtml($this->getValue()) . ' ';
             $html .= '<input type="checkbox" name="' . parent::getName() . '[delete]" value="1" class="checkbox" id="' . $this->getHtmlId() . '_delete"' . ($this->getDisabled() ? ' disabled="disabled"' : '') . '/>';
             $html .= '<label for="' . $this->getHtmlId() . '_delete"' . ($this->getDisabled() ? ' class="disabled"' : '') . '> ' . $label . '</label>';
             $html .= '<input type="hidden" name="' . parent::getName() . '[value]" value="' . $this->getValue() . '" />';