diff --git a/core/src/main/java/gwtupload/client/BaseUploadStatus.java b/core/src/main/java/gwtupload/client/BaseUploadStatus.java
index d54a774e..adff8b43 100644
--- a/core/src/main/java/gwtupload/client/BaseUploadStatus.java
+++ b/core/src/main/java/gwtupload/client/BaseUploadStatus.java
@@ -199,9 +199,9 @@ public void setError(String msg) {
    */
   public void setFileNames(List<String> names) {
     fileNames = names;
-    fileNameLabel.setHTML(Utils.convertCollectionToString(names, "<br/>"));
+    fileNameLabel.setHTML(Utils.convertCollectionToString(names, "<br/>", true));
     if (prg instanceof HasText) {
-      ((HasText) prg).setText(Utils.convertCollectionToString(names, ","));
+      ((HasText) prg).setText(Utils.convertCollectionToString(names, ",", false));
     }
   }
 
diff --git a/core/src/main/java/gwtupload/client/Uploader.java b/core/src/main/java/gwtupload/client/Uploader.java
index 97ebafc9..3801f9dd 100644
--- a/core/src/main/java/gwtupload/client/Uploader.java
+++ b/core/src/main/java/gwtupload/client/Uploader.java
@@ -29,6 +29,7 @@
 import com.google.gwt.http.client.RequestException;
 import com.google.gwt.http.client.RequestTimeoutException;
 import com.google.gwt.http.client.Response;
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import com.google.gwt.user.client.Timer;
 import com.google.gwt.user.client.Window;
 import com.google.gwt.user.client.ui.Composite;
@@ -191,7 +192,7 @@ public static void log(String msg, Throwable e) {
         GWT.log(msg, e);
       }
     } else {
-      String html = (msg + "\n" + (e != null ? e.getMessage() :"")).replaceAll("\n", "<br/>");
+      String html = SafeHtmlUtils.fromString(msg + "\n" + (e != null ? e.getMessage() :"")).asString().replaceAll("\n", "<br/>");
       mlog.setHTML(mlog.getHTML() + html);
     }
   }
diff --git a/core/src/main/java/gwtupload/client/Utils.java b/core/src/main/java/gwtupload/client/Utils.java
index 773bddfc..6ee6ab30 100644
--- a/core/src/main/java/gwtupload/client/Utils.java
+++ b/core/src/main/java/gwtupload/client/Utils.java
@@ -3,6 +3,7 @@
 import java.util.Collection;
 import java.util.List;
 
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import com.google.gwt.xml.client.Document;
 import com.google.gwt.xml.client.Node;
 import com.google.gwt.xml.client.NodeList;
@@ -102,15 +103,19 @@ public static boolean validateExtension(List<String> validExtensions, String fil
     return valid;
   }
 
-  public static String convertCollectionToString(Collection<String> strings, String separator) {
+  public static String convertCollectionToString(Collection<String> strings, String separator, boolean escape) {
     String result = "";
     boolean first = true;
     for (String s : strings) {
       if (first) {
-        result += s;
         first = false;
       } else {
-        result += separator + s;
+        result += separator;
+      }
+      if (escape) {
+        result += SafeHtmlUtils.fromString(s).asString();
+      } else {
+        result += s;
       }
     }
     return result;