diff --git a/controller/SubmitReviewController.php b/controller/SubmitReviewController.php
index d76a13c1738929394c0d33c05edab67989494029..2bd0a4abb4a1fe3780ef5a559ae2f073cea7f1bb 100644
--- a/controller/SubmitReviewController.php
+++ b/controller/SubmitReviewController.php
@@ -25,7 +25,7 @@ class SubmitReviewController extends BaseController {
                         $review = new Entity\GenericEntity(array(
                             "book_id" => $this->getArg('book_id'),
                             "username" => $this->getUsername(),
-                            "message" => $this->getArg('message'),
+                            "message" => escapeHTML($this->getArg('message')),
                             "rating" => $this->getArg('rating'),
                         ));
                         if ($model_review->create($review)) {
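Review bot: Escaping `message` before it is handed to `$model_review->create()` stores HTML-encoded text rather than the user's input, so any template that already escapes on output will double-encode it and any non-HTML consumer (JSON API, plain-text mail, search) will see literal entities. The safer pattern is to keep the raw string here, `"message" => $this->getArg('message'),`, and escape at the render point with `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (or whatever `escapeHTML()` wraps, provided it sets `ENT_QUOTES` — I cannot tell from this hunk). If storing escaped text is deliberate, a comment such as `// stored pre-escaped; do not escape again on output` next to this line would stop the next maintainer from adding a second escape. The `rating` and `book_id` arguments are still passed through unvalidated on the lines either side; if nothing upstream checks them, the create() call is the last chance to do so. The enclosing method and class both continue outside the hunk.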