diff --git a/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js b/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js
index 6ddfbf82dd..841b7aa710 100644
--- a/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js
+++ b/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js
@@ -54,7 +54,7 @@ define(['jquery',
     showLessonCookiesAndParams: function() {
         $.get(goatConstants.cookieService, {}, function(reply) {
-            $("#lesson_cookies").html(reply);
+            $("#lesson_cookies").html(DOMPurify.sanitize(reply));
         }, "html");
     },
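Review bot: The added line uses `DOMPurify` as an implicit global inside a RequireJS module (the `define(['jquery', ...` wrapper starts outside the hunk), so if the DOMPurify script is not loaded before this module the `$.get` callback throws a ReferenceError and `#lesson_cookies` is never populated — the sanitizer then fails closed only by accident. Declare it as a module dependency and bind it to a parameter, e.g. `define(['jquery', 'dompurify', /* existing deps */], function($, DOMPurify, /* existing params */) {`, assuming a `dompurify` path is registered in the RequireJS config. Since the panel only displays cookie and parameter values, consider restricting the allowlist as well, e.g. `DOMPurify.sanitize(reply, { ALLOWED_TAGS: [...] })` with just the markup the cookie view needs, and a one-line comment such as `// reply echoes request cookies/params; sanitize before it reaches innerHTML` so the reason for the call survives future refactors. Client-side sanitization here is a second layer — the `cookieService` response should still encode the echoed values server-side.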