diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 3360069f7..e1fd7d004 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -20,6 +20,7 @@ - fixed: testEnvironment.pl can't find WebGUI modules after installing a prerequisite - fixed: Combo box does not show possible values in Thingy (SDH Consulting Group) + - fixed: Cross site scripting issue on operation pages 7.6.0 - added: users may now customize the post received page for the CS diff --git a/lib/WebGUI/Session/Url.pm b/lib/WebGUI/Session/Url.pm index cc4a0433b..32f6c793b 100644 --- a/lib/WebGUI/Session/Url.pm +++ b/lib/WebGUI/Session/Url.pm @@ -437,8 +437,8 @@ sub page { if ($useFullUrl) { $url = $self->getSiteURL(); } - my $path = $self->session->asset ? $self->session->asset->get("url") : $self->getRequestedUrl; - $url .= $self->gateway($path, $pairs, $skipPreventProxyCache); + my $path = $self->session->asset ? $self->session->asset->get("url") : $self->escape($self->getRequestedUrl); + $url .= $self->gateway($path, $pairs, $skipPreventProxyCache); return $url; }
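Review bot: Only the `getRequestedUrl` fallback in `page` is passed through `$self->escape`, so the fix depends on `escape` leaving `/` intact, which the hunk does not show; if it does not, a multi-segment requested path would come back as `a%2Fb`, and already-encoded input would be double-encoded. `$pairs` and the asset's `get("url")` value still reach `gateway` unchanged, so callers that build `$pairs` from request parameters remain responsible for encoding them, and percent-encoding alone may not be sufficient for every HTML or script context the returned URL is written into. I would record the intent at the changed line, e.g. `# getRequestedUrl is client-supplied; URL-encode it before it is reflected into generated links`, and add a regression test asserting that markup characters in the requested URL never appear verbatim in `page()` output (no test is visible in this diff). The `$url .= $self->gateway(...)` line appears to be a whitespace-only change and could be left out of the security fix to keep the patch minimal. The start of `sub page` lies outside the hunk, so how `$pairs` and `$useFullUrl` are populated cannot be checked from here.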