diff --git a/src/components/compose.jsx b/src/components/compose.jsx
index ba0d6afc..9d1e8ca7 100644
--- a/src/components/compose.jsx
+++ b/src/components/compose.jsx
@@ -133,7 +133,14 @@ const SCAN_RE = new RegExp(
function highlightText(text, { maxCharacters = Infinity }) {
// Accept text string, return formatted HTML string
- let html = text;
+ // Escape all HTML special characters
+ let html = text
+ .replace(/&/g, '&')
+ .replace(/</g, '<')
+ .replace(/>/g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
+
// Exceeded characters limit
const { composerCharacterCount } = states;
let leftoverHTML = '';