diff --git a/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml b/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
index 96be04e6856dc24932019680a548a7a0c5e46104..3aa16151aea2c976d0297b9d9ca9b9bb98cd410e 100644
--- a/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/DefaultRecord/cover.phtml
@@ -9,7 +9,7 @@
   <div class="ajaxcover">
     <div class="spinner"><i class="fa fa-spinner fa-spin"></i> <?=$this->translate('Loading')?>...</div>
     <div class="cover-container">
-      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$driver->getSourceIdentifier()?>" data-recordid="<?=$driver->getUniqueID()?>" data-coversize="<?=$size?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
+      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$this->escapeHtmlAttr($driver->getSourceIdentifier())?>" data-recordid="<?=$this->escapeHtmlAttr($driver->getUniqueID())?>" data-coversize="<?=$this->escapeHtmlAttr($size)?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
     </div>
   </div>
 <?php endif; ?>
diff --git a/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml b/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
index e72e14c98c1c17e853344b9255da7c6664394610..1c7f8a68151b4f5cc873a4ebc4d401e9717e7dab 100644
--- a/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/EDS/cover.phtml
@@ -13,7 +13,7 @@
   <div class="ajaxcover">
     <div class="spinner"><i class="fa fa-spinner fa-spin"></i> <?=$this->translate('Loading')?>...</div>
     <div class="cover-container">
-      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$driver->getSourceIdentifier()?>" data-recordid="<?=$driver->getUniqueID()?>" data-coversize="<?=$size?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
+      <img <?php if ($linkPreview): ?>data-linkpreview="true" <?php endif; ?>data-recordsource="<?=$this->escapeHtmlAttr($driver->getSourceIdentifier())?>" data-recordid="<?=$this->escapeHtmlAttr($driver->getUniqueID())?>" data-coversize="<?=$this->escapeHtmlAttr($size)?>" class="recordcover ajax" alt="<?=$this->escapeHtmlAttr($alt); ?>" />
     </div>
   </div>
 <?php endif; ?>