diff --git a/main.py b/main.py
index fd03988..b5fb951 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import os
 import base64
+import html
 
 from flask import Flask, request
 from model import Message 
@@ -25,13 +26,13 @@ def home():
 
 <h2>Wisdom From Your Fellow Classmates</h2>
 """
-    
+
     for m in Message.select():
         body += """
 <div class="message">
 {}
 </div>
-""".format(m.content)
+""".format(html.escape(m.content, quote=True))
 
     return body