diff --git a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
index af5ddf4..7e87d48 100644
--- a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+++ b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
@@ -42,7 +42,7 @@ public void ProcessRequest (HttpContext context)
 				
 			throw new HttpException (403,
 						 "This type of page is not served.",
-						 req != null ? req.Path : null,
+						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
 						 description);
 		}