diff --git a/index.html b/index.html
index 3a65a1e..cbf7828 100644
--- a/index.html
+++ b/index.html
@@ -282,6 +282,17 @@ <h4 class="ui header">This is the encrypted version of your secret that is store
         decryptErrorElm.transition("fade in").find(id).show();
     }
 
+    /**
+     * Convert HTML to text
+     */
+    function stripHTML(dirtyString) {
+        var container = document.createElement('div'),
+            text = document.createTextNode(dirtyString);
+
+        container.appendChild(text);
+        return container.innerHTML; // innerHTML will be a xss safe string
+    }
+
     //---
     // DOM ready
     //--
@@ -422,7 +433,7 @@ <h4 class="ui header">This is the encrypted version of your secret that is store
                     $resultsecret.show().find('span:first').text(Tea.decrypt(json['data'], getDecryptionHashFromUrl()));
                     $resultsecret.find('span:first')
                         // styling formatting
-                        .html($resultsecret.find('span:first').text()
+                        .html(stripHTML($resultsecret.find('span:first').text())
                             .replace(/\[hl]/gi, "<code>")
                             .replace(/\[\/hl]/gi, "</code>")
                             .replace(/\[b]/gi, "<b>")