diff --git a/src/categoryButtons.ts b/src/categoryButtons.ts
index d59b9ce..81c123f 100644
--- a/src/categoryButtons.ts
+++ b/src/categoryButtons.ts
@@ -1,4 +1,5 @@
 import { TinyEmitter as Emitter } from 'tiny-emitter';
+import escape from 'escape-html';
 
 import { CLASS_CATEGORY_BUTTONS, CLASS_CATEGORY_BUTTON } from './classes';
 
diff --git a/src/emojiArea.ts b/src/emojiArea.ts
index 33facbd..3166993 100644
--- a/src/emojiArea.ts
+++ b/src/emojiArea.ts
@@ -1,4 +1,5 @@
 import { TinyEmitter as Emitter } from 'tiny-emitter';
+import escape from 'escape-html';
 
 import emojiData from './data/emoji';
 import { i18n as defaultI18n } from './i18n';
@@ -297,8 +298,9 @@ export class EmojiArea {
     emojis: Array<EmojiRecord | RecentEmoji>
   ): void => {
     const name = createElement('h2', CLASS_CATEGORY_NAME);
-    name.innerHTML =
-      this.i18n.categories[category] || defaultI18n.categories[category];
+    name.innerHTML = escape(
+      this.i18n.categories[category] || defaultI18n.categories[category]
+    );
     this.emojis.appendChild(name);
     this.headers.push(name);
 
diff --git a/src/preview.ts b/src/preview.ts
index 0d6ec56..da6a210 100644
--- a/src/preview.ts
+++ b/src/preview.ts
@@ -49,7 +49,7 @@ export class EmojiPreview {
     }
 
     this.emoji.innerHTML = content;
-    this.name.innerHTML = emoji.name;
+    this.name.innerHTML = escape(emoji.name);
   }
 
   hidePreview(): void {
diff --git a/src/search.ts b/src/search.ts
index a1c2f31..4652ed3 100644
--- a/src/search.ts
+++ b/src/search.ts
@@ -1,4 +1,5 @@
 import { TinyEmitter as Emitter } from 'tiny-emitter';
+import escape from 'escape-html';
 
 import * as icons from './icons';
 
@@ -40,7 +41,7 @@ class NotFoundMessage {
     container.appendChild(iconContainer);
 
     const messageContainer = createElement('h2');
-    messageContainer.innerHTML = this.message;
+    messageContainer.innerHTML = escape(this.message);
     container.appendChild(messageContainer);
 
     return container;