diff --git a/class.class.php b/class.class.php
--- a/class.class.php
+++ b/class.class.php
@@ -73,7 +73,7 @@ class Classes
   {
     $n = "\n";
     $out = '<tr title="' . $class_key . '" class="class class' . $class_key . '">' . $n
-      . '  <td><input type="text" class="required defText" title="Class Name" name="postData[' . $class_key . '][name]" value="' . str_replace('"', '&quot;', $this->getName()) . '"/></td>' . $n
+      . '  <td><input type="text" class="required defText" title="Class Name" name="postData[' . $class_key . '][name]" value="' . htmlentities($this->getName()) . '"/></td>' . $n
       . '  <td colspan="8"></td>' . $n
       . '  <td class="tdInput"><div class="addSection"><input type="button" value="Add section" /></div></td>' . $n
       . '  <td class="tdInput"><div class="deleteClass"><input type="button" value="Remove" /></div></td>' . $n
diff --git a/class.schedule.php b/class.schedule.php
--- a/class.schedule.php
+++ b/class.schedule.php
@@ -290,7 +290,7 @@ class Schedule
 	"\n</script>"; */
       $headcode = array('outputStyle',  'jQuery', 'jQueryUI', 'uiTabsKeyboard');
     }
-    $outputPage = new page($this->getName(), $headcode);
+    $outputPage = new Page(htmlentities($this->getName()), $headcode);
 
 
 
@@ -377,11 +377,11 @@ class Schedule
 			      {
 				if($this->classStorage[$j]->getSection($this->storage[$i][$j])->getEndTime() > $time[$r+1])
 				  {
-				    $table .= "\n\t\t<td class=\"top class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				    $table .= "\n\t\t<td class=\"top class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				    $M = $j;
 				    $filled = true;
 				  } else {
-				  $table .= "\n\t\t<td class=\"single class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				  $table .= "\n\t\t<td class=\"single class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				  $filled = true;
 				}
 			      }
@@ -420,11 +420,11 @@ class Schedule
 			      {
 				if($this->classStorage[$j]->getSection($this->storage[$i][$j])->getEndTime() > $time[$r+1])
 				  {
-				    $table .= "\n\t\t<td class=\"top class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				    $table .= "\n\t\t<td class=\"top class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				    $Tu = $j;
 				    $filled = true;
 				  } else {
-				  $table .= "\n\t\t<td class=\"single class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				  $table .= "\n\t\t<td class=\"single class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				  $filled = true;
 				}
 			      }
@@ -463,11 +463,11 @@ class Schedule
 			      {
 				if($this->classStorage[$j]->getSection($this->storage[$i][$j])->getEndTime() > $time[$r+1])
 				  {
-				    $table .= "\n\t\t<td class=\"top class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				    $table .= "\n\t\t<td class=\"top class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				    $W = $j;
 				    $filled = true;
 				  } else {
-				  $table .= "\n\t\t<td class=\"single class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				  $table .= "\n\t\t<td class=\"single class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				  $filled = true;
 				}
 			      }
@@ -506,11 +506,11 @@ class Schedule
 			      {
 				if($this->classStorage[$j]->getSection($this->storage[$i][$j])->getEndTime() > $time[$r+1])
 				  {
-				    $table .= "\n\t\t<td class=\"top class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				    $table .= "\n\t\t<td class=\"top class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				    $Th = $j;
 				    $filled = true;
 				  } else {
-				  $table .= "\n\t\t<td class=\"single class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				  $table .= "\n\t\t<td class=\"single class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				  $filled = true;
 				}
 			      }
@@ -549,11 +549,11 @@ class Schedule
 			      {
 				if($this->classStorage[$j]->getSection($this->storage[$i][$j])->getEndTime() > $time[$r+1])
 				  {
-				    $table .= "\n\t\t<td class=\"top class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				    $table .= "\n\t\t<td class=\"top class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				    $F = $j;
 				    $filled = true;
 				  } else {
-				  $table .= "\n\t\t<td class=\"single class{$j}\">" . $this->classStorage[$j]->getName() . " " . $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() . "</td>";
+				  $table .= "\n\t\t<td class=\"single class{$j}\">" . htmlentities($this->classStorage[$j]->getName()) . " " . htmlentities( $this->classStorage[$j]->getSection($this->storage[$i][$j])->getLetter() ) . "</td>";
 				  $filled = true;
 				}
 			      }
diff --git a/class.section.php b/class.section.php
--- a/class.section.php
+++ b/class.section.php
@@ -172,7 +172,7 @@ class Section
 	$out .= '  <td class="sectionIdentifier center">' . $n
 	. '    <input type="text" size="1" class="required" title="Section Name"' . $n
 	. '           name="postData[' . $class_key . '][' . $section_key . '][letter]"' . $n
-	. '           value="' . $this->letter . '" />' . $n
+	. '           value="' . htmlentities($this->letter) . '" />' . $n
 	. "  </td>\n";
       break;
       }
diff --git a/inc/class.page.php b/inc/class.page.php
--- a/inc/class.page.php
+++ b/inc/class.page.php
@@ -40,6 +40,10 @@ class page
   /* the current school. See get_school(). */
   private $school;
 
+  /**
+   * \param $ntitle
+   *   Must be a valid HTML string (i.e., escaped with htmlentities()).
+   */
   public function __construct($ntitle, $nscripts = array(), $immediate = TRUE)
   {
     global $ga_trackers;
diff --git a/input.php b/input.php
--- a/input.php
+++ b/input.php
@@ -79,7 +79,7 @@ if (!empty($_REQUEST['selectschool'])
 <br />
 <label>Schedule Name</label><br />
 <input id="scheduleName" style="margin-bottom: 1em;" class="defText required" type="text" size="25" title="(e.g., Spring <?php echo Date('Y'); ?>)" name="postData[name]"
-<?php if ($sch) echo 'value="' . str_replace('"', '&quot;', $sch->getName()) . '"'; /*"*/ ?>
+<?php if ($sch) echo 'value="' . htmlentities($sch->getName()) . '"'; /*"*/ ?>
 />
 
 <table id="container">