diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 8ef7d7c..bd1b1cb 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -2207,7 +2207,7 @@ function system_date_time_lookup() {
 if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'admin/config/regional/date-time/formats/lookup')) {
 return MENU_ACCESS_DENIED;
 }
- $result = format_date(REQUEST_TIME, 'custom', $_GET['format']);
+ $result = filter_xss_admin(format_date(REQUEST_TIME, 'custom', $_GET['format']));
 drupal_json_output($result);
 }
 
@@ -2859,7 +2859,7 @@ function system_date_time_formats() {
 if (!empty($formats)) {
 foreach ($formats as $format) {
 $row = array();
- $row[] = array('data' => format_date(REQUEST_TIME, 'custom', $format['format']));
+ $row[] = array('data' => filter_xss_admin(format_date(REQUEST_TIME, 'custom', $format['format'])));
 $row[] = array('data' => l(t('edit'), 'admin/config/regional/date-time/formats/' . $format['dfid'] . '/edit'));
 $row[] = array('data' => l(t('delete'), 'admin/config/regional/date-time/formats/' . $format['dfid'] . '/delete'));
 $rows[] = $row;
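Review bot: `filter_xss_admin()` is Drupal's permissive admin filter and still passes most HTML tags, so the preview built from `$_GET['format']` in system_date_time_lookup() can carry markup other than script and style; the same holds for the table cell in the system_date_time_formats() hunk. A formatted date is plain text, so escaping is the tighter fit: `$result = check_plain(format_date(REQUEST_TIME, 'custom', $_GET['format']));`, and likewise `check_plain()` around the `format_date()` call on the `$row[]` line. This assumes the consumer of the JSON response and the table renderer both emit the value as HTML, which is not visible in either hunk. Separately, `$_GET['format']` is read without an `isset()` check, unlike `$_GET['token']` just above it; returning early when it is missing would avoid passing NULL to `format_date()`. The body of system_date_time_formats() starts and ends outside its hunk.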