diff --git a/index.html b/index.html
index c9474c8..76fbfeb 100644
--- a/index.html
+++ b/index.html
@@ -363,6 +363,12 @@
       // Skip it on the first load since it's already saved
       void saveNote();
 
+      // Sanitize html
+      text = text
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;");
+
       // Turn urls into links
       const urlRegex = /(https?:\/\/[^\s]+)/g;
       text = text.replace(