diff --git a/app/views/todos/_todo.html.erb b/app/views/todos/_todo.html.erb
index 1c317c3f..6e123e62 100644
--- a/app/views/todos/_todo.html.erb
+++ b/app/views/todos/_todo.html.erb
@@ -13,7 +13,7 @@
     <div class="description<%= staleness_class( todo ) %>">
       <% unless @todo.completed? %><span class="defer-container"><%= defer_link(1) %> <%= defer_link(7) %></span><% end %>
       <%= date_span -%>
-      <span class="todo.descr"><%= sanitize(todo.description) %></span>
+      <span class="todo.descr"><%= h sanitize(todo.description) %></span>
       <%= link_to(
         image_tag("recurring16x16.png"),
         {:controller => "recurring_todos", :action => "index"},