diff -up powertop-2.0/src/tuning/tuning.cpp.orig powertop-2.0/src/tuning/tuning.cpp
--- powertop-2.0/src/tuning/tuning.cpp.orig	2012-05-09 18:43:29.000000000 +0200
+++ powertop-2.0/src/tuning/tuning.cpp	2012-05-16 19:28:25.398232302 +0200
@@ -217,6 +217,20 @@ static const char *tune_class_bad(int li
 	return "tunable_even_bad";
 }
 
+static std::string html_encode(std::string data) {
+	std::string buffer;
+	buffer.reserve(data.size());
+	for (size_t pos = 0; pos != data.size(); pos++) {
+		switch(data[pos]) {
+			case '&':  buffer.append("&"); break;
+			case '\"': buffer.append("""); break;
+			case '<':  buffer.append("&lt;"); break;
+			case '>':  buffer.append("&gt;"); break;
+			default:   buffer.append(1, data[pos]); break;
+		}
+	}
+	return buffer;
+}
 
 void report_show_tunables(void)
 {
@@ -254,7 +268,7 @@ void report_show_tunables(void)
 			fprintf(reportout.csv_report, "Description, \n");
 
 		if (reporttype)
-		        fprintf(reportout.http_report, "<tr class=\"%s\"><td>%s</td><td>%s</td></tr>\n", tune_class_bad(line), all_tunables[i]->description(), all_tunables[i]->toggle_script());
+		        fprintf(reportout.http_report, "<tr class=\"%s\"><td>%s</td><td>%s</td></tr>\n", tune_class_bad(line), all_tunables[i]->description(), html_encode(std::string(all_tunables[i]->toggle_script())).c_str());
 		else
 			fprintf(reportout.csv_report, "\"%s\", \n", all_tunables[i]->description());
 	}