diff --git a/template.php b/template.php
index 33e5c2faec3adc1be4b989b6823ffa5cb3b605a0..c20549b21aff34026abb7ebb467d7e5bd93717b4 100644
--- a/template.php
+++ b/template.php
@@ -134,8 +134,8 @@ function zen_preprocess_html(&$variables, $hook) {
     drupal_add_http_header('X-UA-Compatible', 'IE=edge,chrome=1');
   }
 
-  $variables['skip_link_anchor'] = theme_get_setting('zen_skip_link_anchor');
-  $variables['skip_link_text'] = theme_get_setting('zen_skip_link_text');
+  $variables['skip_link_anchor'] = check_plain(theme_get_setting('zen_skip_link_anchor'));
+  $variables['skip_link_text']   = check_plain(theme_get_setting('zen_skip_link_text'));
 
   // Return early, so the maintenance page does not call any of the code below.
   if ($hook != 'html') {