diff --git a/lightbox2_handler_field_lightbox2.inc b/lightbox2_handler_field_lightbox2.inc
index b32f691..dbfa4d5 100644
--- a/lightbox2_handler_field_lightbox2.inc
+++ b/lightbox2_handler_field_lightbox2.inc
@@ -141,7 +141,12 @@ class lightbox2_handler_field_lightbox2 extends views_handler_field {
       // div is hidden it won't show up as a lightbox.  We also specify a group
       // in the rel attribute in order to link the whole View together for paging.
       $group_name = !empty($this->options['custom_group']) ? $this->options['custom_group'] : ($this->options['rel_group'] ? 'lightbox-popup-' . $this->view->name . '-' . implode('/', $this->view->args) : '');
-      return "<a href='$link #lightbox-popup-{$i}'  rel='lightmodal[{$group_name}|width:" . ($this->options['width'] ? $this->options['width'] : '600px') . ';height:' . ($this->options['height'] ? $this->options['height'] : '600px') . "][" . $caption . "]'>". $tokens["[{$this->options['trigger_field']}]"] ."</a>
+      $group_name = check_plain($group_name);
+      $width = $this->options['width'] ? check_plain($this->options['width']) : '600px';
+      $height = $this->options['height'] ? check_plain($this->options['height']) : '600px';
+      $trigger_field = filter_xss_admin($this->options['trigger_field']);
+
+      return "<a href='$link #lightbox-popup-{$i}'  rel='lightmodal[{$group_name}|width:" . $width . ';height:' . $height . "][" . $caption . "]'>" . $tokens["[{$trigger_field}]"] . "</a>
                 <div style='display: none;'><div id='lightbox-popup-{$i}' class='lightbox-popup'>$popup</div></div>";
     }
     else {