diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 3c51b90..61214f3 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -21,7 +21,7 @@
     <div class="flashes">
       <% flash.each do |entry, message| %>
         <div class="flash <%= entry %>">
-          <div><%= message %></div>
+          <div><%= sanitize message %></div>
           <button onclick="this.parentElement.style.display='none';">&times;</button>
         </div>
       <% end %>