diff --git a/src/webui/www/public/scripts/client.js b/src/webui/www/public/scripts/client.js
index 2516ea01d..e1349326e 100644
--- a/src/webui/www/public/scripts/client.js
+++ b/src/webui/www/public/scripts/client.js
@@ -629,6 +629,10 @@ var loadTorrentPeersData = function(){
 if (response['peers']) {
 for (var key in response['peers']) {
 response['peers'][key]['rowId'] = key;
+
+ if (response['peers'][key]['client'])
+ response['peers'][key]['client'] = escapeHtml(response['peers'][key]['client']);
+
 torrentPeersTable.updateRowData(response['peers'][key]);
 }
 }
diff --git a/src/webui/www/public/scripts/prop-files.js b/src/webui/www/public/scripts/prop-files.js
index d5bc8f777..3ee615a9c 100644
--- a/src/webui/www/public/scripts/prop-files.js
+++ b/src/webui/www/public/scripts/prop-files.js
@@ -311,7 +311,7 @@ var loadTorrentFilesData = function() {
 var row = new Array();
 row.length = 4;
 row[0] = file.priority;
- row[1] = file.name;
+ row[1] = escapeHtml(file.name);
 row[2] = friendlyUnit(file.size, false);
 row[3] = (file.progress * 100).round(1);
 if (row[3] == 100.0 && file.progress < 1.0)
diff --git a/src/webui/www/public/scripts/prop-general.js b/src/webui/www/public/scripts/prop-general.js
index e51ad9576..b52d30ee5 100644
--- a/src/webui/www/public/scripts/prop-general.js
+++ b/src/webui/www/public/scripts/prop-general.js
@@ -130,7 +130,7 @@ var loadTorrentData = function() {
 temp = "QBT_TR(Unknown)QBT_TR";
 $('pieces').set('html', temp);
- $('created_by').set('html', data.created_by);
+ $('created_by').set('html', escapeHtml(data.created_by));
 if (data.addition_date != -1)
 temp = new Date(data.addition_date * 1000).toLocaleString();
 else
@@ -152,7 +152,7 @@ var loadTorrentData = function() {
 $('save_path').set('html', data.save_path);
- $('comment').set('html', parseHtmlLinks(data.comment));
+ $('comment').set('html', parseHtmlLinks(escapeHtml(data.comment)));
 }
 else {
 clearData();
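Review bot: In client.js, `response['peers'][key]['client']` is encoded on the data object just before `torrentPeersTable.updateRowData(...)`, so the protection holds only as long as every loader remembers every remotely supplied field. The other values in the same peer record reach the table unchanged, and whether any of them is remote-controlled text is not visible in this hunk. Encoding once at the point where the table writes a cell would cover future columns by default; failing that, add a comment above the new lines such as `// 'client' is sent by the remote peer; the table presumably inserts cell values as HTML`. The same per-field pattern appears in the prop-files.js and prop-trackers.js hunks. `loadTorrentPeersData` starts and ends outside the hunk.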
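Review bot: In prop-files.js, `escapeHtml(file.name)` is called without the truthiness guard that the client.js hunk puts around its `escapeHtml` call, and the prop-general.js and prop-trackers.js hunks do the same for `data.created_by`, `data.comment`, `tracker.url` and `tracker.msg`. `escapeHtml` is defined outside this diff, so its behaviour on `undefined` or `null` cannot be checked from here; if it stringifies its argument a missing field would be shown as the word "undefined", and if it calls a string method directly it would throw. Either have the helper return `''` for nullish input or pass a default at the call site, e.g. `row[1] = escapeHtml(file.name || '');`.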
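Review bot: In the first prop-general.js hunk, `$('created_by').set('html', escapeHtml(data.created_by))` still sends torrent-supplied text through an HTML sink, so the safety of this line depends on `escapeHtml` covering every relevant character. No markup is wanted in this field, so the MooTools text setter avoids HTML parsing altogether: `$('created_by').set('text', data.created_by);`. `loadTorrentData` begins and ends outside the hunk.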
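Review bot: In the second prop-general.js hunk, the context line `$('save_path').set('html', data.save_path);` still writes an unencoded value as HTML, directly above the line being fixed. A save path may include a folder name taken from the torrent, so it deserves the same treatment: `$('save_path').set('text', data.save_path);` or `$('save_path').set('html', escapeHtml(data.save_path));`. For the comment line, `parseHtmlLinks` is not shown; it now receives already-encoded text and presumably builds anchor markup from it, so confirm that `escapeHtml` encodes both quote characters and that the linkifier only links the URL schemes it is meant to.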
diff --git a/src/webui/www/public/scripts/prop-trackers.js b/src/webui/www/public/scripts/prop-trackers.js
index d7d0a0066..4830f6698 100644
--- a/src/webui/www/public/scripts/prop-trackers.js
+++ b/src/webui/www/public/scripts/prop-trackers.js
@@ -87,10 +87,10 @@ var loadTrackersData = function() {
 trackers.each(function(tracker) {
 var row = new Array();
 row.length = 4;
- row[0] = tracker.url;
+ row[0] = escapeHtml(tracker.url);
 row[1] = tracker.status;
 row[2] = tracker.num_peers;
- row[3] = tracker.msg;
+ row[3] = escapeHtml(tracker.msg);
 tTable.insertRow(row);
 });
 }
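Review bot: In prop-trackers.js, `row[1] = tracker.status` stays unencoded between the two fixed lines. If the status is always a fixed string produced by the application this is fine, but that is not visible in the hunk; a short comment would record the assumption, e.g. `// status and num_peers are generated locally; url and msg come from the torrent/tracker`. If the status text can ever carry tracker-supplied content, wrap it in `escapeHtml` as well.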