diff --git a/src/Test/TestTranslate.py b/src/Test/TestTranslate.py
index b4c2ae2d..530d1bcf 100644
--- a/src/Test/TestTranslate.py
+++ b/src/Test/TestTranslate.py
@@ -24,3 +24,32 @@ class TestTranslate:
data_translated = translate.translateData(data, {"_(original, original named)": "translated"})
assert 'translated = _("translated")' in data_translated
assert 'not_translated = "original"' in data_translated
+
+
+ def testTranslateEscape(self):
+ _ = Translate()
+ _["Hello"] = "Szia"
+
+ # Simple escaping
+ data = "{_[Hello]} {username}!"
+ username = "Hacker"
+ data_translated = _(data)
+ assert 'Szia' in data_translated
+ assert '<' not in data_translated
+ assert data_translated == "Szia Hacker<script>alert('boom')</script>!"
+
+ # Escaping dicts
+ user = {"username": "Hacker"}
+ data = "{_[Hello]} {user[username]}!"
+ data_translated = _(data)
+ assert 'Szia' in data_translated
+ assert '<' not in data_translated
+ assert data_translated == "Szia Hacker<script>alert('boom')</script>!"
+
+ # Escaping lists
+ users = [{"username": "Hacker"}]
+ data = "{_[Hello]} {users[0][username]}!"
+ data_translated = _(data)
+ assert 'Szia' in data_translated
+ assert '<' not in data_translated
+ assert data_translated == "Szia Hacker<script>alert('boom')</script>!"