diff --git a/client_logins.php b/client_logins.php
index 44360219..d56f2468 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -112,7 +112,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
 }else{
 $login_username_display = "$login_username";
 }
- $login_password = $row['login_password'];
+ $login_password = htmlentities($row['login_password']);
 $login_otp_secret = $row['login_otp_secret'];
 if(empty($login_otp_secret)){
 $otp_display = "-";
diff --git a/post.php b/post.php
index 11d16df4..7ca63de0 100644
--- a/post.php
+++ b/post.php
@@ -4280,7 +4280,7 @@ if(isset($_POST['add_login'])){
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
 $username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['username'])));
- $password = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['password'])));
+ $password = trim(mysqli_real_escape_string($mysqli,$_POST['password']));
 $otp_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['otp_secret'])));
 $note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['note'])));
 $vendor_id = intval($_POST['vendor']);
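Review bot: The added `htmlentities()` call in client_logins.php relies on default flags, which before PHP 8.1 leave single quotes unencoded, so a stored password containing `'` is still unsafe if `$login_password` ends up inside a single-quoted attribute. Pass the flags and charset explicitly: `$login_password = htmlentities($row['login_password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The next context line assigns `$login_otp_secret` straight from the row, and `$login_username_display` is built from `$login_username` just above. If those are printed into the same markup they need the same output encoding, because `strip_tags` at write time does not neutralise quotes in attribute values. The enclosing loop body starts and ends outside the hunk, so the place where these variables are echoed is not visible here.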
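Review bot: Dropping `strip_tags` from the password in the `add_login` handler of post.php means the stored value can now contain markup, so every page that prints `login_password` has to encode it on output, and this commit only does that in client_logins.php. Any other view, export or edit form that reads the column should be checked, and a comment on the added line would record the contract: `// stored without tag stripping: encode with htmlentities() wherever login_password is printed`. If the edit handler elsewhere in post.php still applies `strip_tags` to the password (not visible here), editing an entry would silently alter a value saved through this path. `trim()` also still removes leading and trailing whitespace from the credential, so either drop it or document that stored passwords are trimmed. The `add_login` block continues outside the hunk.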