Index: modules/ezodf/ezoogenerator.php
===================================================================
--- modules/ezodf/ezoogenerator.php	(revision 2544)
+++ modules/ezodf/ezoogenerator.php	(working copy)
@@ -666,7 +666,7 @@
 
                         case "link":
                         {
-                            $contentXML .= "<text:a xlink:type='simple' xlink:href='" . $paragraphElement['HREF']. "'>" . $paragraphElement['Content'] . "</text:a>";
+                            $contentXML .= "<text:a xlink:type='simple' xlink:href='" . htmlspecialchars( $paragraphElement['HREF'] ) . "'>" . htmlspecialchars( $paragraphElement['Content'] ) . "</text:a>";
                         }break;
 
                         default:
@@ -692,7 +692,7 @@
 
             case "header":
             {
-                $contentXML .= "\n<text:h text:style-name='Heading " . $element['Level'] . "' text:outline-level='" . $element['Level'] . "'>" . $element['Text'] . "</text:h>\n";
+                $contentXML .= "\n<text:h text:style-name='Heading " . $element['Level'] . "' text:outline-level='" . $element['Level'] . "'>" . htmlspecialchars( $element['Text'] ) . "</text:h>\n";
             }break;
 
             case "image" :