diff --git a/routes.go b/routes.go
index 875f814..159d683 100644
--- a/routes.go
+++ b/routes.go
@@ -7,6 +7,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "html"
 "html/template"
 "io"
 "net/http"
@@ -154,6 +155,8 @@ var funcMap = template.FuncMap{
 body = re.ReplaceAllString(body, "\n***\n")
 // community bangs
 body = RegReplace(body, `([^\[])!([a-zA-Z0-9_]+)@([a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)+)`, `$1[!$2@$3](/c/$2@$3)`)
+ // escape HTML tags
+ body = html.EscapeString(body)
 if err := md.Convert([]byte(body), &buf); err != nil {
 fmt.Println(err)
 return template.HTML(body)
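Review bot: Calling `html.EscapeString(body)` before `md.Convert` escapes the Markdown source rather than the rendered output, so `>` block quotes stop parsing and `<`, `&` and quotes inside code spans or fenced code will likely display as literal entities. What ends up in `template.HTML` is the renderer's output, so the XSS boundary is better enforced there: confirm that `md` (constructed outside this hunk) does not pass raw HTML or unsafe link schemes through, or sanitize `buf` before wrapping it. The escape is still needed on the error path, which returns the input as trusted HTML, and could move there as `return template.HTML(html.EscapeString(body))`. The enclosing funcMap function starts and ends outside the hunk, so the renderer setup and the success return are not visible here.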