diff --git a/app/views/course/feedback/index.php b/app/views/course/feedback/index.php
index fe4c83fffa6a3df485daf87450ab40ca89280321..44805346ca253a0b627c2a3e98a0cfa93b8c0d55 100644
--- a/app/views/course/feedback/index.php
+++ b/app/views/course/feedback/index.php
@@ -1,3 +1,9 @@
+<?php
+/**
+ * @var Course_FeedbackController $controller
+ * @var FeedbackElement[] $feedback_elements
+ */
+?>
 <? if (empty($feedback_elements)): ?>
     <?= MessageBox::info(_('Es wurden noch keine Feedback-Elemente angelegt.')) ?>
 <? else: ?>
@@ -51,7 +57,7 @@
             <tr>
                 <td data-sort-value="<?= crc32($feedback->range_type) ?>" class="responsive-hidden">
                     <a href="<?= $controller->link_for($range->getRangeUrl()) ?>"
-                        title="<?= $range->getRangeName() ?>">
+                        title="<?= htmlReady($range->getRangeName()) ?>">
                         <?= $range->getRangeIcon('clickable') ?>
                     </a>
                 </td>
@@ -83,9 +89,9 @@
                         <?= _('Kommentar') ?>
                     <? endif; ?>
                 </td>
-                <td data-sort-value="<?= $feedback->user->getFullName('no_title_rev') ?>" class="responsive-hidden">
-                    <a href="<?= URLHelper::getLink('dispatch.php/profile?username=' . $feedback->user->username) ?>">
-                        <?= $feedback->user->getFullName('no_title_rev') ?>
+                <td data-sort-value="<?= htmlReady($feedback->user->getFullName('no_title_rev')) ?>" class="responsive-hidden">
+                    <a href="<?= URLHelper::getLink('dispatch.php/profile', ['username' => $feedback->user->username]) ?>">
+                        <?= htmlReady($feedback->user->getFullName('no_title_rev')) ?>
                     </a>
                 </td>
                 <td title="<?= strftime('%x %X', $feedback->chdate) ?>" data-sort-value="<?= $feedback->chdate ?>">