diff --git a/modules/ldap/util_ldap_cache_mgr.c b/modules/ldap/util_ldap_cache_mgr.c
index 826757704f..ae7e652aec 100644
--- a/modules/ldap/util_ldap_cache_mgr.c
+++ b/modules/ldap/util_ldap_cache_mgr.c
@@ -604,7 +604,7 @@ char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char
if (id) {
buf2 = apr_psprintf(p,
"%s",
- r->uri,
+ ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),
id,
name);
}
diff --git a/modules/test/mod_policy.c b/modules/test/mod_policy.c
index 473b31c624..8138f83165 100644
--- a/modules/test/mod_policy.c
+++ b/modules/test/mod_policy.c
@@ -1011,7 +1011,8 @@ static const char *set_type_url(cmd_parms *cmd, void *dconf, const char *url)
{
policy_conf *conf = dconf;
- conf->type_url = url;
+ /* url is only used inside , escape accordingly */
+ conf->type_url = ap_escape_html(cmd->pool, url);
conf->type_url_set = 1;
return NULL;