diff --git a/src/app/chat/view.nim b/src/app/chat/view.nim
index 8646931a1b..ac5eb53fe4 100644
--- a/src/app/chat/view.nim
+++ b/src/app/chat/view.nim
@@ -348,7 +348,7 @@ QtObject:
         if msg.chatId != self.activeChannel.id:
           let channel = self.chats.getChannelById(msg.chatId)
           if not channel.muted:
-            self.messageNotificationPushed(msg.chatId, msg.text, msg.messageType, channel.chatType.int, msg.timestamp, msg.identicon, msg.alias, msg.hasMention)
+            self.messageNotificationPushed(msg.chatId, escape_html(msg.text), msg.messageType, channel.chatType.int, msg.timestamp, msg.identicon, msg.alias, msg.hasMention)
         else:
           discard self.status.chat.markMessagesSeen(msg.chatId, @[msg.id])
           self.newMessagePushed()
diff --git a/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml b/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
index 0035d0e9c6..3d417b740e 100644
--- a/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
+++ b/ui/app/AppLayouts/Chat/ContactsColumn/Channel.qml
@@ -89,7 +89,7 @@ Rectangle {
                 //% "Sticker"
                 case Constants.stickerType: return qsTrId("sticker");
                 //% "No messages"
-                default: return lastMessage ? Emoji.parse(lastMessage, "26x26").replace(/\n|\r/g, ' ') : qsTrId("no-messages")
+                default: return lastMessage ? Emoji.parse(Utils.filterXSS(lastMessage), "26x26").replace(/\n|\r/g, ' ') : qsTrId("no-messages")
             }
         }
         textFormat: Text.RichText