diff --git a/typo3/sysext/backend/Classes/Controller/BackendLayoutWizardController.php b/typo3/sysext/backend/Classes/Controller/BackendLayoutWizardController.php
index ff84fd493bf248ebeae4733efd7fcda61b3c899b..0b3d410598f514a9247431ccbfb0a62837953721 100644
--- a/typo3/sysext/backend/Classes/Controller/BackendLayoutWizardController.php
+++ b/typo3/sysext/backend/Classes/Controller/BackendLayoutWizardController.php
@@ -69,6 +69,10 @@ class BackendLayoutWizardController {
 		$this->P = GeneralUtility::_GP('P');
 		$this->formName = $this->P['formName'];
 		$this->fieldName = $this->P['itemName'];
+		$hmac_validate = GeneralUtility::hmac($this->formName . $this->fieldName, 'wizard_js');
+		if (!$this->P['hmac'] || ($this->P['hmac'] !== $hmac_validate)) {
+			throw new \InvalidArgumentException('Hmac Validation failed for backend_layout wizard', 1385811397);
+		}
 		$this->md5ID = $this->P['md5ID'];
 		$uid = intval($this->P['uid']);
 		// Initialize document object:
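Review bot: The signed message `$this->formName . $this->fieldName` has no delimiter, so two different (formName, itemName) pairs that concatenate to the same string share one valid HMAC; the FormEngine hunk that generates the token uses the same undelimited concatenation. Both sides should sign an unambiguous encoding of the pair, e.g. `GeneralUtility::hmac(serialize(array($this->formName, $this->fieldName)), 'wizard_js')`, mirroring the `serialize($fieldChangeFunc)` hash computed a few lines below in FormEngine. `$this->P['hmac']` is also read without an `isset`, so a request lacking the key raises a notice before the exception; `if (empty($this->P['hmac']) || $this->P['hmac'] !== $hmac_validate)` avoids that. The `!==` comparison is not constant-time; where the supported PHP version provides `hash_equals()`, that is the better choice. The enclosing method starts before the hunk.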
@@ -78,8 +82,8 @@ class BackendLayoutWizardController {
 		$pageRenderer->addJsFile($GLOBALS['BACK_PATH'] . TYPO3_MOD_PATH . 'res/grideditor.js');
 		$pageRenderer->addJsInlineCode('storeData', '
 			function storeData(data) {
-				if (parent.opener && parent.opener.document && parent.opener.document.' . $this->formName . ' && parent.opener.document.' . $this->formName . '["' . $this->fieldName . '"]) {
-					parent.opener.document.' . $this->formName . '["' . $this->fieldName . '"].value = data;
+				if (parent.opener && parent.opener.document && parent.opener.document.' . $this->formName . ' && parent.opener.document.' . $this->formName . '[' . GeneralUtility::quoteJSvalue($this->fieldName) . ']) {
+					parent.opener.document.' . $this->formName . '[' . GeneralUtility::quoteJSvalue($this->fieldName) . '].value = data;
 					parent.opener.TBE_EDITOR.fieldChanged("backend_layout","' . $uid . '","config","data[backend_layout][' . $uid . '][config]");
 				}
 			}
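Review bot: `$this->formName` is still spliced into the inline JavaScript unquoted at `parent.opener.document.' . $this->formName . '`, while `$this->fieldName` on the same lines now goes through `quoteJSvalue()`. With the HMAC check added earlier in the class it is bound to the server-generated value, so it is no longer caller-controlled, but the two fields should be treated alike — either `parent.opener.document[' . GeneralUtility::quoteJSvalue($this->formName) . ']` or a comment such as `// formName is trusted here: it is covered by the HMAC verified in the constructor` so the asymmetry is not read as an oversight. The `storeData` JS string and the enclosing method continue outside the hunk.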
diff --git a/typo3/sysext/backend/Classes/Form/FormEngine.php b/typo3/sysext/backend/Classes/Form/FormEngine.php
index 3fda742dc659f8d2b9d15f7f43effbe4d4f3e8bc..cffda6b42d8ac74553a2fc525bc120f080e61e2b 100644
--- a/typo3/sysext/backend/Classes/Form/FormEngine.php
+++ b/typo3/sysext/backend/Classes/Form/FormEngine.php
@@ -4150,6 +4150,7 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
 									// ... else types "popup", "colorbox" and "userFunc" will need additional parameters:
 									$params['formName'] = $this->formName;
 									$params['itemName'] = $itemName;
+									$params['hmac'] = GeneralUtility::hmac($params['formName'] . $params['itemName'], 'wizard_js');
 									$params['fieldChangeFunc'] = $fieldChangeFunc;
 									$params['fieldChangeFuncHash'] = GeneralUtility::hmac(serialize($fieldChangeFunc));
 									switch ((string) $wConf['type']) {