diff --git a/index.php b/index.php
index 86bb876..aa325b3 100644
--- a/index.php
+++ b/index.php
@@ -7,7 +7,7 @@ header('Content-Type: text/plain');
 
 $text = "Set a message by adding ?message=<message here> to the URL";
 if(isset($_GET['message']) && $_GET['message'] != '') {
-	$text = $_GET['message'];
+	$text = htmlspecialchars($_GET['message']);
 }
 
 $cow = Farm::create(\Cowsayphp\Farm\Cow::class);