diff --git a/public/javascripts/note_tree.js b/public/javascripts/note_tree.js
index 169db866d..57c93e1f9 100644
--- a/public/javascripts/note_tree.js
+++ b/public/javascripts/note_tree.js
@@ -186,13 +186,15 @@ const noteTree = (function() {
 const noteTreeId = getNoteTreeId(parentNoteId, noteId);
 const noteTree = notesTreeMap[noteTreeId];
+ const title = (noteTree.prefix ? (noteTree.prefix + " - ") : "") + noteIdToTitle[noteTree.note_id];
+
 const node = {
 note_id: noteTree.note_id,
 parent_note_id: noteTree.parent_note_id,
 note_tree_id: noteTree.note_tree_id,
 is_protected: noteTree.is_protected,
 prefix: noteTree.prefix,
- title: (noteTree.prefix ? (noteTree.prefix + " - ") : "") + noteIdToTitle[noteTree.note_id],
+ title: escapeHtml(title),
 extraClasses: getExtraClasses(noteTree),
 refKey: noteTree.note_id,
 expanded: noteTree.is_expanded
diff --git a/public/javascripts/tree_utils.js b/public/javascripts/tree_utils.js
index 673eaf9fc..1d9813e09 100644
--- a/public/javascripts/tree_utils.js
+++ b/public/javascripts/tree_utils.js
@@ -37,7 +37,7 @@ const treeUtils = (function() {
 const title = (prefix ? (prefix + " - ") : "") + noteTitle;
- node.setTitle(title);
+ node.setTitle(escapeHtml(title));
 }
 return {
diff --git a/public/javascripts/utils.js b/public/javascripts/utils.js
index 1f67844ad..1b390d130 100644
--- a/public/javascripts/utils.js
+++ b/public/javascripts/utils.js
@@ -93,4 +93,8 @@ function isTopLevelNode(node) {
 function isRootNode(node) {
 return node.key === "root_1";
+}
+
+function escapeHtml(str) {
+ return $('
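Review bot: `title: escapeHtml(title)` stores the HTML-encoded string in the node itself, so any code that later reads `node.title` back as plain text will see `&lt;`-style entities, and any node built elsewhere without this call stays open to markup injection through a note title or prefix. Encoding once at render time is more robust than encoding at every producer; if the tree widget is Fancytree, which the `extraClasses`/`refKey` fields suggest, its `escapeTitles: true` option does this centrally and the stored title could stay raw. `prefix: noteTree.prefix` is still stored unencoded next to the encoded title, which is fine only as long as nothing inserts it as HTML. The enclosing function starts and ends outside the hunk.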
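Review bot: The prefix-plus-title composition and its encoding are now written out twice, here before `node.setTitle(...)` and in the node literal in note_tree.js, so a later call site can easily repeat the concatenation and omit `escapeHtml`. One shared helper that takes the prefix and the note title and returns the encoded display string, called from both places, would keep them in step. A comment on this line such as `// the tree renders titles as HTML, so encode before setTitle` would record why the call is there. `noteTitle` and `prefix` are assigned outside the hunk, so their origin cannot be checked from here.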
').text(str).html();
 }
\ No newline at end of file
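Review bot: `escapeHtml` uses the jQuery text-to-html round trip, which encodes `&`, `<` and `>` but leaves `"` and `'` untouched, so its output is safe as element content only and not inside an attribute value, and nothing in the name or the body says so. Either document the limit on the function (`// encodes &, <, > only; do not use for attribute values`) or replace the body with an explicit character map that also covers both quote characters and needs no DOM element per call, as sketched below. The element literal passed to `$()` is not visible on this page, so this reading rests on the `.text(str).html()` pattern alone.

```javascript
function escapeHtml(str) {
    // Encodes quotes as well, so the result is safe in attribute values and in element content.
    const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

    return String(str).replace(/[&<>"']/g, ch => entities[ch]);
}
```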