diff --git a/lib/nuts.js b/lib/nuts.js
index f23df197..645e2abb 100644
--- a/lib/nuts.js
+++ b/lib/nuts.js
@@ -195,7 +195,7 @@ Nuts.prototype.onDownload = function(req, res, next) {
 }
 if (!asset) {
- res.status(400).send("No download available for platform "+platform+" for version "+version.tag+" ("+(channel || "beta")+")");
+ res.status(400).send("No download available for platform "+_.escape(platform)+" for version "+version.tag+" ("+(channel || "beta")+")");
 return;
 }
@@ -215,7 +215,7 @@ Nuts.prototype.onUpdateRedirect = function(req, res, next) {
 if (!req.query.version) throw new Error('Requires "version" parameter');
 if (!req.query.platform) throw new Error('Requires "platform" parameter');
- return res.redirect('/update/'+req.query.platform+'/'+req.query.version);
+ return res.redirect('/update/'+_.escape(req.query.platform)+'/'+_.escape(req.query.version));
 })
 .fail(next);
 };
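Review bot: In the 400 response of onDownload (first hunk) only `platform` is escaped, while `channel` is still concatenated raw into the same body; where `channel` is assigned is not visible in this hunk, but if it is read from the request it needs the same treatment. Because `res.send` with a string defaults to an HTML content type, a sturdier fix is to send the message as plain text so that no field can be interpreted as markup: `res.status(400).type('text/plain').send(...)`. `version.tag` appears to come from the resolved release rather than the request, which is worth confirming. onDownload starts and ends outside the hunk.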
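Review bot: `_.escape` is an HTML-entity encoder, which is the wrong encoding for the URL path built in `res.redirect` (second hunk): it leaves `/`, `?`, `#` and `%` untouched, so a request value can still alter the path or append a query string, and it rewrites a legitimate `&` into `&amp;`. Path segments should be percent-encoded instead: `return res.redirect('/update/'+encodeURIComponent(req.query.platform)+'/'+encodeURIComponent(req.query.version));`. The two `if (!req.query…)` guards only test truthiness, so a repeated parameter that parses to an array or object would also pass; a `typeof … === 'string'` check there would reject it. The callback containing these lines starts outside the hunk.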