diff --git a/controller/RestController.php b/controller/RestController.php
index ba6f9c89f..1aadd8946 100644
--- a/controller/RestController.php
+++ b/controller/RestController.php
@@ -25,7 +25,7 @@ private function returnJson($data)
 // wrap with JSONP callback if requested
 if (filter_input(INPUT_GET, 'callback', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) {
 header("Content-type: application/javascript; charset=utf-8");
- echo filter_input(INPUT_GET, 'callback', FILTER_UNSAFE_RAW) . "(" . json_encode($data) . ");";
+ echo filter_input(INPUT_GET, 'callback', FILTER_SANITIZE_FULL_SPECIAL_CHARS) . "(" . json_encode($data) . ");";
 return;
 }
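Review bot: The new `echo` line still writes a request-controlled callback name into an `application/javascript` response, and `FILTER_SANITIZE_FULL_SPECIAL_CHARS` only HTML-encodes `<`, `>`, `&` and quotes, which is escaping for an HTML context rather than a JavaScript one. Characters such as `(`, `)`, `;` and `=` pass through unchanged, so the value is not constrained to a function name. It should be validated against a strict identifier pattern and rejected with a 400 when it does not match, and the response should also send `X-Content-Type-Options: nosniff`. Reading the parameter once into a variable also keeps the condition and the output from being filtered separately. The body of returnJson continues outside the hunk, so the non-JSONP path is not visible here.

```php
$callback = filter_input(INPUT_GET, 'callback', FILTER_UNSAFE_RAW);
if (is_string($callback) && $callback !== '') {
    // JSONP callback must be a plain (optionally dotted) identifier; anything else is refused
    if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback)) {
        http_response_code(400);
        return;
    }
    header("Content-type: application/javascript; charset=utf-8");
    header("X-Content-Type-Options: nosniff");
    echo $callback . "(" . json_encode($data) . ");";
    return;
}
```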