diff --git a/addons/website/models/ir_qweb.py b/addons/website/models/ir_qweb.py
index 85fe6a3a2f8..27806bbe437 100644
--- a/addons/website/models/ir_qweb.py
+++ b/addons/website/models/ir_qweb.py
@@ -300,7 +300,7 @@ class Image(orm.AbstractModel):
         src = self.pool['website'].image_url(cr, uid, record, field_name, max_size)
         alt = None
         if options.get('alt-field') and getattr(record, options['alt-field'], None):
-            alt = record[options['alt-field']]
+            alt = escape(record[options['alt-field']])
         elif options.get('alt'):
             alt = options['alt']
         img = '<img class="%s" src="%s" style="%s"%s/>' % (classes, src, options.get('style', ''), ' alt="%s"' % alt if alt else '')