diff --git a/src/main/java/com/microfocus/example/web/controllers/ProductController.java b/src/main/java/com/microfocus/example/web/controllers/ProductController.java
index 8a03f0b3..c97d6453 100644
--- a/src/main/java/com/microfocus/example/web/controllers/ProductController.java
+++ b/src/main/java/com/microfocus/example/web/controllers/ProductController.java
@@ -52,6 +52,7 @@ Insecure Web App (IWA)
 import java.nio.file.Paths;
 import java.security.Principal;
 import java.util.*;
+import org.springframework.web.util.HtmlUtils;
 /**
 * Controller for product pages
@@ -88,7 +89,7 @@ String GetControllerName() {
 @ResponseBody
 public ResponseEntity getKeywordsContent(@Param("keywords") String keywords) {
- String retContent = "Product search using: " + keywords;
+ String retContent = "Product search using: " + HtmlUtils.htmlEscape(HtmlUtils.htmlUnescape(String.valueOf(keywords)));
 return ResponseEntity.ok().body(retContent);
 }
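Review bot: The `htmlUnescape` step in the new `retContent` line is not needed for safety and alters the echoed input: a query typed as `&lt;b&gt;` is decoded and then re-encoded, so the page shows `<b>` rather than what was typed. The outer `htmlEscape` is what neutralises markup, so `String retContent = "Product search using: " + HtmlUtils.htmlEscape(String.valueOf(keywords));` is sufficient, and `String.valueOf` keeps the previous rendering of a missing parameter as "null". This encoding fits HTML element content and quoted attribute values only; how the client uses the response is not visible here, so if it ends up in a script or URL context a context-specific encoder is needed instead. A short comment above the line, e.g. `// keywords is reflected from the request; HTML-encode before returning it`, would help keep the escape from being dropped in a later refactor. The method's mapping annotation sits above the hunk.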