diff --git a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
index 98c37a64e2..528d0d702e 100644
--- a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
+++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
@@ -7,6 +7,7 @@
 import java.io.Serializable;
 import java.time.LocalDateTime;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.util.HtmlUtils;
 
 @Slf4j
 // TODO move back to lesson
@@ -46,7 +47,7 @@ private void readObject(ObjectInputStream stream) throws Exception {
     stream.defaultReadObject();
 
     // do something with the data
-    log.info("restoring task: {}", taskName);
+    log.info("restoring task: {}", HtmlUtils.htmlEscape(String.valueOf(taskName).replace("\n", "").replace("\r", "")));
     log.info("restoring time: {}", requestedExecutionTime);
 
     if (requestedExecutionTime != null