diff --git a/data.views.inc b/data.views.inc
index eb0a702f96b0d8ab482f2665b45ce2fa83fa0fb1..995f73a0380e25b6b686f61613090f5e6586a9bf 100644
--- a/data.views.inc
+++ b/data.views.inc
@@ -25,7 +25,7 @@ function data_views_data() {
 $table_data = array();
 $table_data['table'] = array(
- 'group' => $table->get('title'),
+ 'group' => check_plain($table->get('title')),
 );
 foreach ($schema['fields'] as $field_name => $field) {
 // If there is no label, generate one from field name.
@@ -59,7 +59,7 @@ function data_views_data() {
 if (isset($schema['primary key']) && count($schema['primary key']) >= 1) {
 $table_data['table']['base'] = array(
 'field' => current($schema['primary key']),
- 'title' => $table->get('title'),
+ 'title' => check_plain($table->get('title')),
 'help' => t('Data table'),
 'weight' => 10,
 );
diff --git a/data_ui/data_ui.admin.inc b/data_ui/data_ui.admin.inc
index 5ec21e015dcbac3efd179e76a872005eccd42e9f..1f77f659505fbe2741b4562e0f66d76a728af3bc 100644
--- a/data_ui/data_ui.admin.inc
+++ b/data_ui/data_ui.admin.inc
@@ -13,7 +13,7 @@ function data_ui_view() {
 foreach ($tables as $table) {
 // TODO Please convert this statement to the D7 database API syntax.
 $row = array(
- $table->get('title'),
+ check_plain($table->get('title')),
 $table->get('name'),
 db_query('SELECT COUNT(*) FROM {' . db_escape_table($table->get('name')) . '}')->fetchField(),
 );
@@ -703,7 +703,8 @@ function data_ui_edit_title_form($form, &$form_state, $table) {
 '#type' => 'textfield',
 '#title' => t('Title'),
 '#description' => t('Natural name of the table.'),
- '#default_value' => db_escape_table($table->get('title')),
+ // Do not escape the title: show the user what they originally entered.
+ '#default_value' => $table->get('title'),
 );
 $form['submit'] = array(
 '#type' => 'submit',
diff --git a/data_ui/data_ui.views_default.inc b/data_ui/data_ui.views_default.inc
index 4e95f3c15364503c1ba227d80e2109c8223dc4b0..31b1716a9249898994d136e0ffdde9ba353f2f6f 100644
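Review bot: Neither this hunk nor the @@ -59 hunk below explains why `check_plain()` is applied at definition time, and that matters because the return of `data_views_data()` is cached and consumed by Views in several different output contexts. In Drupal 7 Views the strings returned from hook_views_data() are treated as already-safe markup (core's field.views.inc escapes user-entered field labels the same way with `@` placeholders), so this is the right layer for the `'group'` label; but the base-table `'title'` is, as far as I recall, also fed into `#type => 'select'` options in the add-view wizard, where the option labels are escaped again, so a title containing `&` or `<` should be checked for double-encoding (`&amp;amp;`) in that dropdown. A one-line comment on both changed lines would spare the next maintainer the same investigation: `// Titles are user-entered; Views treats hook_views_data() strings as safe markup, so escape here.` data_views_data() starts before and ends after both hunks.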
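Review bot: `$table->get('name')` on the line after the new `check_plain()` call is still placed in `$row` unescaped while the sibling title value now is; the only protection visible for the name is `db_escape_table()`, and that is applied to the copy used in the query, not to the displayed copy. If table names can be user-entered through data_ui (the edit-title form in the next hunk suggests titles are), the displayed cell should get the same treatment, `check_plain($table->get('name')),`. How `$row` is rendered is outside the hunk; if it goes through theme('table'), cell contents are emitted as-is, so escaping has to happen at this point. data_ui_view() starts before and ends after this hunk.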
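Review bot: The new comment on the `#default_value` line says the title is not escaped but not why that is safe, which is the question a reader of a form built from stored user input will ask. The value of a textfield is rendered as an attribute through `drupal_attributes()`, which applies `check_plain()`, so storing it raw here is correct, and the removed `db_escape_table()` was the wrong tool regardless because it strips characters rather than escaping them, silently altering what the user sees. Suggest making the comment say so: `// Do not escape here: the textfield renderer escapes #value; db_escape_table() would strip characters from the stored title.` data_ui_edit_title_form() continues outside the hunk.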
--- a/data_ui/data_ui.views_default.inc
+++ b/data_ui/data_ui.views_default.inc
@@ -68,6 +68,7 @@ function data_ui_views_default_views() {
 'style_options' => array(),
 'wildcard' => 'all',
 'wildcard_substitution' => 'All',
+ // These correspond to user-entered data and so should not be escaped.
 'title' => $table->get('title') . ' %1',
 'id' => $first,
 'table' => $table->get('name'),
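Review bot: The added comment asserts that these values should not be escaped without saying who does escape them, and the `'title'` line beneath it concatenates the raw user-entered title into a Views page title. As far as I recall, Views' page display passes the title through `filter_xss_admin()` at output time, so leaving it raw here is consistent, but the comment should name that contract so a later reader does not mistake this line for an unescaped sink: `// Raw user-entered title: Views filters page titles on output; escaping here would double-encode.` The `'table' => $table->get('name')` entry is a base-table identifier consumed by Views rather than display text, so it is fine left as is. data_ui_views_default_views() continues outside the hunk.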