- <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.$_POST['email'].'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>
+ <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.htmlspecialchars($_POST['email']).'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>