diff --git a/src/ObjectDataRow.php b/src/ObjectDataRow.php
index 4b1cdb4..62ce95d 100644
--- a/src/ObjectDataRow.php
+++ b/src/ObjectDataRow.php
@@ -26,7 +26,7 @@ protected function extractCellValue($fieldName)
             return $res;
         } else {
             try {
-                return $this->src->{$fieldName};
+                return htmlspecialchars($this->src->{$fieldName}, ENT_QUOTES, 'UTF-8');
             } catch(Exception $e) {
                 throw new RuntimeException(
                     "Can't read '$fieldName' property from DataRow",