diff --git a/public/js/extensions.js b/public/js/extensions.js
index 6375b668..1b48ae55 100644
--- a/public/js/extensions.js
+++ b/public/js/extensions.js
@@ -21,6 +21,11 @@ String.prototype.replaceAll = function(search, replacement)
 	return this.replace(new RegExp(search, "g"), replacement);
 };
 
+String.prototype.escapeHTML = function()
+{
+	return this.replace(/[&<>"'`=\/]/g, s => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '/': '&#x2F;', '`': '&#x60;', '=': '&#x3D;' })[s]);;
+};
+
 GetUriParam = function(key)
 {
 	var currentUri = window.location.search.substring(1);
diff --git a/public/viewjs/mealplan.js b/public/viewjs/mealplan.js
index b52954de..30dc94fa 100644
--- a/public/viewjs/mealplan.js
+++ b/public/viewjs/mealplan.js
@@ -139,6 +139,8 @@ $(".calendar").each(function()
 					return false;
 				}
 
+				recipe.name = recipe.name.escapeHTML();
+
 				var internalShadowRecipe = FindObjectInArrayByPropertyValue(internalRecipes, "name", mealPlanEntry.day + "#" + mealPlanEntry.id);
 				var resolvedRecipe = FindObjectInArrayByPropertyValue(recipesResolved, "recipe_id", internalShadowRecipe.id);