diff --git a/finder.module b/finder.module
index e473fe67b4cc97f3309c70e3108010c272750eba..00b9962c948ca292839bcf47d188f8201ac3bad8 100755
--- a/finder.module
+++ b/finder.module
@@ -56,7 +56,7 @@ function finder_menu() {
   $items['admin/build/finder/import'] = $admin_item + array(
     'title' => t('Finder import'),
     'page callback' => 'finder_admin_import',
-    'access arguments' => array('administer finder'),
+    'access callback' => 'finder_menu_allow_finder_import',
     'weight' => 2,
     'type' => MENU_LOCAL_TASK,
   );
@@ -109,6 +109,13 @@ function finder_menu() {
   return $items;
 }
 
+/**
+ * Determine whether to allow the import tab.
+ */
+function finder_menu_allow_finder_import() {
+  return user_access('administer finder') && user_access('administer finder PHP settings');
+}
+
 /**
  * Determine whether to show edit/delete tabs for finder.
  *
diff --git a/modules/finder_autocomplete/finder_autocomplete.module b/modules/finder_autocomplete/finder_autocomplete.module
index 92e1e1a6e901d1cde42dee8262535a078cad9318..b8252140b867b87fd099cd0578820b53e53bc37f 100755
--- a/modules/finder_autocomplete/finder_autocomplete.module
+++ b/modules/finder_autocomplete/finder_autocomplete.module
@@ -200,7 +200,7 @@ function finder_autocomplete_autocomplete($finder_id, $finder_element_id, $keywo
       $autofill = theme('finder_autocomplete_autofill', $option, $element);
       $suggestion = theme('finder_autocomplete_suggestion', $option, $element);
       if ($autofill && $suggestion) {
-        $choices[$autofill] = $suggestion;
+        $choices[$autofill] = filter_xss($suggestion);
       }
     }
   }