diff --git a/src/js/logs.js b/src/js/logs.js
index f5c3257be..b39094730 100644
--- a/src/js/logs.js
+++ b/src/js/logs.js
@@ -30,6 +30,24 @@ app.controller('LogsController', ['$scope', '$timeout', '$location', 'Client', f
         logViewer.empty();
     };
 
+    // https://github.com/janl/mustache.js/blob/master/mustache.js#L60
+    var entityMap = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#39;',
+        '/': '&#x2F;',
+        '`': '&#x60;',
+        '=': '&#x3D;'
+    };
+
+    function escapeHtml(string) {
+        return String(string).replace(/[&<>"'`=\/]/g, function fromEntityMap (s) {
+          return entityMap[s];
+        });
+    }
+
     function showLogs() {
         if (!$scope.selected) return;
 
@@ -58,7 +76,7 @@ app.controller('LogsController', ['$scope', '$timeout', '$location', 'Client', f
 
                 var logLine = $('<div class="log-line">');
                 var timeString = moment.utc(data.realtimeTimestamp/1000).format('MMM DD HH:mm:ss');
-                logLine.html('<span class="time">' + timeString + ' </span>' + window.ansiToHTML(typeof data.message === 'string' ? data.message : ab2str(data.message)));
+                logLine.html('<span class="time">' + timeString + ' </span>' + window.ansiToHTML(escapeHtml(typeof data.message === 'string' ? data.message : ab2str(data.message))));
                 tmp.append(logLine);
 
                 if (autoScroll) tmp[0].lastChild.scrollIntoView({ behavior: 'instant', block: 'end' });
