diff --git a/server.js b/server.js
index 9df1197..02f8960 100644
--- a/server.js
+++ b/server.js
@@ -30,9 +30,13 @@ app.get("/channels/:channel", async (req, res) => {
         });
 });
 
+function sanitize(text) {
+        return text.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+}
+
 function constructMessage(msg) {
         return `<div>
-                <span>${msg.author.username}</span>: ${msg.content}
+                <span>${sanitize(msg.author.username)}</span>: ${sanitize(msg.content)}
         </div>`;
 }