diff --git a/resources/views/items/list.blade.php b/resources/views/items/list.blade.php
index f72e46f5..e5655008 100644
--- a/resources/views/items/list.blade.php
+++ b/resources/views/items/list.blade.php
@@ -32,7 +32,7 @@
 {{ $app->title }}
 {{ $app->link }}
- target }} href="{!! route('items.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {!! $app->title !!}">
+ target }} href="{!! route('items.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {{ $app->title }}">
 {!! Form::open(['method' => 'DELETE','route' => ['items.destroy', $app->id],'style'=>'display:inline']) !!}
diff --git a/resources/views/items/scripts.blade.php b/resources/views/items/scripts.blade.php
index 0e785fe6..0e7161ce 100644
--- a/resources/views/items/scripts.blade.php
+++ b/resources/views/items/scripts.blade.php
@@ -31,13 +31,13 @@
 }
 });
 // initial load
- $('#tile-preview .title').html($('#appname').val());
+ $('#tile-preview .title').text($('#appname').val());
 $('#tile-preview .item').css('backgroundColor', $('#appcolour').val());
 $('#tile-preview .app-icon').attr('src', $('#appimage img').attr('src'));
 // Updates
 $('#appname').on('keyup change', function(e) {
- $('#tile-preview .title').html($(this).val());
+ $('#tile-preview .title').text($(this).val());
 })
 $('#apptype').on('change', function(e) {
 appload($(this).find('option:selected').val());
@@ -178,7 +178,7 @@
 if($('#appname').val() === '') {
 $('#appname').val(data.name)
 }
- $('#tile-preview .title').html($('#appname').val());
+ $('#tile-preview .title').text($('#appname').val());
 if(data.custom != null) {
 $.get(base+'view/'+data.custom, function(getdata) {
 $('#sapconfig').html(getdata).show();
diff --git a/resources/views/tags/list.blade.php b/resources/views/tags/list.blade.php
index b47b8495..7b1c8e1f 100644
--- a/resources/views/tags/list.blade.php
+++ b/resources/views/tags/list.blade.php
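Review bot: The `href` on the changed line still emits `{!! route('items.edit', [$app->id]) !!}` unescaped while the commit escapes only the `title` attribute beside it. Route output built from an integer id is unlikely to carry attribute-breaking characters, but `href="{{ route('items.edit', [$app->id]) }}"` costs nothing and keeps the whole anchor uniformly escaped, which is the invariant this commit is trying to establish for the list views. Part of this hunk's markup is not legible in this rendering, so the surrounding context lines could not be fully checked.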
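Review bot: The `.html()` to `.text()` change at the initial load and in the `keyup change` handler (and once more in the `@@ -178,7` hunk) is the correct sink for the user-supplied app name, but nothing records why, so a later request for rich titles could quietly bring `.html()` back. A one-line comment on the first occurrence would keep the intent: `// .text(), not .html(): the app name is user input and must not be parsed as markup`. The `$('#sapconfig').html(getdata)` call in the `@@ -178,7` hunk is left untouched; presumably `getdata` is a server-rendered fragment fetched from `base+'view/'+data.custom`, in which case the template behind it should be checked for the same `{{ }}` escaping this commit applies to the list views. The handlers enclosing these lines start and end outside the hunks.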
@@ -31,7 +31,7 @@
 {{ $app->title }} target }} href="{{ url($app->link) }}">{{ $app->link }} - + {!! Form::open(['method' => 'DELETE','route' => ['tags.destroy', $app->id],'style'=>'display:inline']) !!}
diff --git a/tests/Feature/ItemListTest.php b/tests/Feature/ItemListTest.php
index 7e950668..2d806d88 100644
--- a/tests/Feature/ItemListTest.php
+++ b/tests/Feature/ItemListTest.php
@@ -31,4 +31,15 @@ class ItemListTest extends TestCase
 $response->assertSee('Item 2');
 $response->assertSee('Item 3');
 }
+
+ public function test_escapes_xss_on_the_item_list_page()
+ {
+ $this->addItemWithTitleToDB('');
+
+ $response = $this->get('/items');
+
+ $response->assertStatus(200);
+ $response->assertDontSee('', false);
+ $response->assertSee('');
+ }
 }
diff --git a/tests/Feature/TagListTest.php b/tests/Feature/TagListTest.php
index 9193b5a6..54a52f9b 100644
--- a/tests/Feature/TagListTest.php
+++ b/tests/Feature/TagListTest.php
@@ -32,4 +32,15 @@ class TagListTest extends TestCase
 $response->assertSee('Tag 2');
 $response->assertSee('Tag 3');
 }
+
+ public function test_escapes_xss_on_the_tag_list_page()
+ {
+ $this->addTagWithTitleToDB('');
+
+ $response = $this->get('/tags');
+
+ $response->assertStatus(200);
+ $response->assertDontSee('', false);
+ $response->assertSee('');
+ }
 }
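Review bot: The changed lines of this hunk are not legible in this rendering, so only the context can be reviewed; there the link cell renders `href="{{ url($app->link) }}"`, which is HTML-escaped but not scheme-checked. Blade escaping stops a value from breaking out of the attribute, yet an `href` whose value is user-supplied is still a live navigation target, so the natural complement to this commit is validating `link` to an `http`/`https` URL (for example with the `url` validation rule on the request) before it reaches the view. If `link` is already constrained at the request layer, a comment on this line such as `{{-- link is validated to http(s) on input; escaping here covers markup only --}}` would stop future readers from treating the escape as sufficient. The same `{{ $app->link }}` cell appears in the items/list.blade.php hunk above.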
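Review bot: As rendered here, the title passed to `addItemWithTitleToDB` and both assertion arguments are empty strings; that may be an artifact of this view, but if it reflects the file, `assertSee('')` passes against any 200 response and the test would not catch a regression back to `{!! !!}`. The expected value should be a concrete marker containing markup: pass it raw to `assertDontSee(..., false)` so the unescaped rendering fails the test, and pass the same raw marker to `assertSee(...)`, which escapes its argument by default and therefore checks for the escaped rendering. The method also has no return type; `public function test_escapes_xss_on_the_item_list_page(): void` is the cheap fix, and `escape: false` as a named argument reads better than a bare positional `false`. The same applies to the `TagListTest` hunk below, and `addItemWithTitleToDB` is defined outside this hunk.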