diff --git a/setup/setup_frame.tpl b/setup/setup_frame.tpl
index 5659e7796c432189a2d3c85606a3e92142771702..57cc735ec0f65e8d99c606027f6f63849596b5cd 100644
--- a/setup/setup_frame.tpl
+++ b/setup/setup_frame.tpl
@@ -4,9 +4,9 @@
   <form action="setup.php" name="mainform" id="mainform" method="post" enctype="multipart/form-data">
     <div class="setup_header">
       <div id="header_left">
-        <img id="fd_logo" class="optional" src="geticon.php?context=applications&icon=fusiondirectory&size=48" alt="FusionDirectory"/>
+        <img id="fd_logo" class="optional" src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" alt="FusionDirectory"/>
         <a class="plugtop">
-          <img src="{$headline_image}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
+          <img src="{$headline_image|escape}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
         </a>
       </div>
       <div id="header_right">