diff --git a/functions.inc.php b/functions.inc.php
index c3e34eb1..f3631526 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1755,9 +1755,9 @@ function gen_show_status ($show_alias) {
             list(/*NULL*/,$stat_domain) = explode('@',$g);
             $stat_delimiter = "";
 			if (!empty($CONF['recipient_delimiter'])) {
-				$stat_delimiter = "OR address = '" . preg_replace($delimiter_regex, "@", $g) . "'";
+				$stat_delimiter = "OR address = '" . escape_string(preg_replace($delimiter_regex, "@", $g)) . "'";
 			}
-			$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '@$stat_domain' $stat_delimiter");
+			$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '" . escape_string($g) . "' OR address = '@" . escape_string($stat_domain) . "' $stat_delimiter");
             if ($stat_result['rows'] == 0) {
                 $stat_ok = 0;
             }
diff --git a/templates/list-virtual_alias_domain.tpl b/templates/list-virtual_alias_domain.tpl
index ae2a6ccc..83c5dd1b 100644
--- a/templates/list-virtual_alias_domain.tpl
+++ b/templates/list-virtual_alias_domain.tpl
@@ -6,4 +6,6 @@
 {assign var="id_field" value=$msg.id_field}
 {assign var="formconf" value=$aliasdomain_data.formconf}
 {assign var="items" value=$tAliasDomains}
+{assign var="RAW_items" value=$RAW_tAliasDomains}
+
 {include 'list.tpl'}
diff --git a/templates/list.tpl b/templates/list.tpl
index 2242321c..f5f50f22 100644
--- a/templates/list.tpl
+++ b/templates/list.tpl
@@ -51,7 +51,8 @@
     <td>&nbsp;</td>
 </tr>
 
-{foreach from=$items item=item}
+{foreach from=$RAW_items item=RAW_item}
+    {assign "item" $items.{$RAW_item.$id_field|escape:"html"}} {* array keys in $items are html-escaped *}
     {#tr_hilightoff#}
 
     {foreach key=key item=field from=$struct}
@@ -77,7 +78,7 @@
 *}
                     {elseif $key == 'active'}
                         {if $item._can_edit}
-                            <a href="{#url_editactive#}{$table}&amp;id={$item.$id_field|escape:"url"}&amp;active={if ($item.active==0)}1{else}0{/if}&amp;token={$smarty.session.PFA_token|escape:"url"}">{$item._active}</a>
+                            <a href="{#url_editactive#}{$table}&amp;id={$RAW_item.$id_field|escape:"url"}&amp;active={if ($item.active==0)}1{else}0{/if}&amp;token={$smarty.session.PFA_token|escape:"url"}">{$item._active}</a>
                         {else}
                             {$item._active}
                         {/if}
@@ -109,7 +110,7 @@
                     {elseif $field.type == 'txtl'}
                         {foreach key=key2 item=field2 from=$item.$key}{$field2}<br> {/foreach}
                     {elseif $field.type == 'html'}
-						{$RAW_items.{$item.{$msg.id_field}}.$key}
+                        {$RAW_item.$key}
                     {else}
                         {$linktext}
                     {/if}
@@ -118,8 +119,8 @@
         {/if}
     {/foreach}
 
-    <td>{if $item._can_edit}<a href="edit.php?table={$table|escape:"url"}&amp;edit={$item.$id_field|escape:"url"}">{$PALANG.edit}</a>{else}&nbsp;{/if}</td>
-    <td>{if $item._can_delete}<a href="{#url_delete#}?table={$table}&amp;delete={$item.$id_field|escape:"url"}&amp;token={$smarty.session.PFA_token|escape:"url"}" 
+    <td>{if $item._can_edit}<a href="edit.php?table={$table|escape:"url"}&amp;edit={$RAW_item.$id_field|escape:"url"}">{$PALANG.edit}</a>{else}&nbsp;{/if}</td>
+    <td>{if $item._can_delete}<a href="{#url_delete#}?table={$table}&amp;delete={$RAW_item.$id_field|escape:"url"}&amp;token={$smarty.session.PFA_token|escape:"url"}"
         onclick="return confirm ('{$PALANG.{$msg.confirm_delete}|replace:'%s':$item.$id_field}')">{$PALANG.del}</a>{else}&nbsp;{/if}</td>
     </tr>
 {/foreach}