diff --git a/adminer/indexes.inc.php b/adminer/indexes.inc.php
index 793c61c0..821d0ffb 100644
--- a/adminer/indexes.inc.php
+++ b/adminer/indexes.inc.php
@@ -117,7 +117,7 @@ foreach ($row["indexes"] as $index) {
 $i = 1;
 foreach ($index["columns"] as $key => $column) {
 echo "" . select_input(
- " name='indexes[$j][columns][$i]' onchange=\"" . ($i == count($index["columns"]) ? "indexesAddColumn" : "indexesChangeColumn") . "(this, '" . js_escape($jush == "sql" ? "" : $_GET["indexes"] . "_") . "');\"",
+ " name='indexes[$j][columns][$i]' onchange=\"" . ($i == count($index["columns"]) ? "indexesAddColumn" : "indexesChangeColumn") . "(this, '" . h(js_escape($jush == "sql" ? "" : $_GET["indexes"] . "_")) . "');\"",
 ($fields ? array_combine($fields, $fields) : $fields),
 $column
 );
diff --git a/changes.txt b/changes.txt
index 8637467c..f86fb4d7 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 4.2.3-dev:
+Fix XSS in indexes (non-MySQL only)
 Support PHP 7
 Greek translation
 Galician translation
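Review bot: The new `onchange` line in adminer/indexes.inc.php now relies on two escapes applied in a fixed order, and nothing in the code says why. js_escape() presumably protects only the single-quoted JavaScript literal, while the added h() is what keeps `$_GET["indexes"]` from closing the double-quoted attribute. I would add a comment above the select_input() call, for example `// JS-escape first, then h(): the handler sits inside a double-quoted HTML attribute`, so the outer call is not later removed as redundant. Other inline handlers in the project may interpolate js_escape() output into attributes the same way; they are not visible here and are worth checking for the same gap. The enclosing foreach loops start before and continue past this hunk, so `$j` and `$column` could not be reviewed.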