diff --git a/src/components/listview/listview.js b/src/components/listview/listview.js
index d6c34172f8..eaa526dbd4 100644
--- a/src/components/listview/listview.js
+++ b/src/components/listview/listview.js
@@ -149,7 +149,7 @@ import ServerConnections from '../ServerConnections';
elem.classList.add('listItemBodyText');
- elem.innerHTML = '' + text + '';
+ elem.innerHTML = '' + escapeHtml(text) + '';
html += elem.outerHTML;
}
diff --git a/src/controllers/itemDetails/index.js b/src/controllers/itemDetails/index.js
index 1de235ffe3..6e238a7045 100644
--- a/src/controllers/itemDetails/index.js
+++ b/src/controllers/itemDetails/index.js
@@ -1068,7 +1068,7 @@ function renderTagline(page, item) {
if (item.Taglines && item.Taglines.length) {
taglineElement.classList.remove('hide');
- taglineElement.innerHTML = '' + item.Taglines[0] + '';
+ taglineElement.innerHTML = '' + escapeHtml(item.Taglines[0]) + '';
} else {
taglineElement.classList.add('hide');
}