diff --git a/video_filter.codecs.inc b/video_filter.codecs.inc
index 62bdd387012dfb21817cb2b0450d4e5fbde060aa..d377bf3ab649c1ab0f5b8193d4acb900a6f8bbd1 100644
--- a/video_filter.codecs.inc
+++ b/video_filter.codecs.inc
@@ -322,7 +322,7 @@ function video_filter_capped($video) {
 function video_filter_bliptv($video) {
   $id = $video['codec']['matches'][1];
-
+
   // Since video ID in URL is different than in embed code, use API
   // to lookup the embed code video ID. Adapted from emfield.module.
   $result = drupal_http_request('http://blip.tv/file/' . $id . '?skin=api');
@@ -359,6 +359,11 @@ function video_filter_bliptv($video) {
       }
     }
     $id = $response['EMBEDLOOKUP'][0];
+    // Protect from XSS.
+    if (preg_match("/[^A-Za-z0-9]/", $id, $matches)) {
+      watchdog('Video Filter', t('A faulty Blip.tv ID has been detected.'));
+      $id = 0;
+    }
   }
   $video['source'] = 'http://blip.tv/play/' . $id;
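Review bot: The new check in the second hunk is a blacklist (`[^A-Za-z0-9]`), so an empty or missing `$response['EMBEDLOOKUP'][0]` passes it untouched and `$video['source']` becomes `http://blip.tv/play/` with nothing appended, and `preg_match` returning `false` on a PCRE error is also treated as "clean"; a positive whitelist is tighter and drops the unused `$matches` capture: `if (!preg_match('/^[A-Za-z0-9]+$/', $id)) {`. The `watchdog()` call wraps its message in `t()`, which Drupal's logging already translates, so the literal string should be passed directly and a severity given, e.g. `watchdog('Video Filter', 'A faulty Blip.tv ID has been detected.', array(), WATCHDOG_WARNING);`. The `$id = 0` fallback still emits a play URL for a rejected ID; whether the caller treats `0` as "no video" cannot be seen here, so it is worth a comment such as `// 0 is a sentinel for "invalid ID"; the play URL below is built from it regardless`. Note also that the ID taken from the URL match in the first hunk is interpolated into the API request before any validation; whether that is safe depends on the codec regex, which is outside this diff. The body of video_filter_bliptv continues outside both hunks.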