diff --git a/app/provision/resources/classes/provision.php b/app/provision/resources/classes/provision.php
index 8f27aefd39..acdf616c04 100644
--- a/app/provision/resources/classes/provision.php
+++ b/app/provision/resources/classes/provision.php
@@ -247,15 +247,15 @@
 $contact['contact_uuid'] = $row['contact_uuid'];
 $contact['contact_type'] = $row['contact_type'];
 $contact['contact_category'] = $row['contact_category'];
- $contact['contact_organization'] = $row['contact_organization'];
- $contact['contact_name_given'] = $row['contact_name_given'];
- $contact['contact_name_family'] = $row['contact_name_family'];
+ $contact['contact_organization'] = xml::sanitize($row['contact_organization']);
+ $contact['contact_name_given'] = xml::sanitize($row['contact_name_given']);
+ $contact['contact_name_family'] = xml::sanitize($row['contact_name_family']);
 $contact['numbers'] = array();
 $numbers = &$contact['numbers'];
 if (($row['phone_primary'] == '1') || (!isset($contact['phone_number']))) {
- $contact['phone_label'] = $phone_label;
+ $contact['phone_label'] = xml::sanitize($phone_label);
 $contact['phone_number'] = $row['phone_number'];
 $contact['phone_extension'] = $row['phone_extension'];
 }
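Review bot: `phone_number` and `phone_extension` in the `phone_primary` branch, and `contact_type` / `contact_category` at the top of the hunk, are still copied from `$row` unfiltered, while the neighbouring name and label fields now pass through `xml::sanitize()`. If the provisioning templates emit those fields into the same output, which is not visible here, the filtering is incomplete; consider `$contact['phone_number'] = xml::sanitize($row['phone_number']);` and the same for `phone_extension`, or escaping once where the template writes the value instead of field by field. It is also worth confirming that `xml::sanitize()` accepts a null column value, since its implementation is outside this diff and these contact columns are presumably optional. The enclosing loop starts and ends outside the hunk.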