diff --git a/orbit-app/src/components/CommentsSection.jsx b/orbit-app/src/components/CommentsSection.jsx
index 6fe0c21..f38546c 100644
--- a/orbit-app/src/components/CommentsSection.jsx
+++ b/orbit-app/src/components/CommentsSection.jsx
@@ -30,6 +30,16 @@ function CommentsSection() {
});
};
+ // FIX: Helper function to escape HTML special characters
+ function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/\"/g, """)
+ .replace(/'/g, "'");
+ }
+
return (
Comments
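Review bot: The `escapeHtml` body added in this hunk does not escape anything as it stands — `.replace(/&/g, "&")` and `.replace(/'/g, "'")` replace a character with itself, `.replace(/\"/g, """)` is not valid syntax, and `.replace(//g, ">")` would not even parse because `//` opens a line comment, so the `<` and `>` replacements are lost entirely. This looks like the entity targets were decoded somewhere between editor and patch, but the committed file must be checked, since a helper that silently returns its input gives a false sense of mitigation. If a helper is kept at all, the chain should read `.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;")`, with `&` handled first so already-produced entities are not re-encoded. Note also that React escapes text children on its own, so the helper is only needed if the value is inserted somewhere React does not escape; the enclosing `CommentsSection` body continues outside this hunk.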
@@ -44,11 +54,13 @@ function CommentsSection() {
{commentsList.map((cmt, index) => (
-
+ // FIX: Render comment as plain text, escaping HTML
+
{escapeHtml(cmt.comment)}
))}
);
}
+// FIX EXPLANATION: This fix removes the use of 'dangerouslySetInnerHTML' and instead escapes HTML special characters in user comments before rendering. This prevents any injected HTML or JavaScript from being interpreted by the browser, fully mitigating XSS. For production, consider using a robust library like 'dompurify' for sanitization if HTML formatting is required.
export default CommentsSection;
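Review bot: `{escapeHtml(cmt.comment)}` is rendered as a JSX text child, which React already HTML-escapes, so once the helper really emits entities users will see literal `&lt;script&gt;` rather than `<script>`; dropping `dangerouslySetInnerHTML` and rendering `{cmt.comment}` is the whole fix, and the helper can go. The `// FIX: Render comment as plain text` line sits inside the `.map` callback's JSX; the markup is stripped in this view, but if it falls between elements rather than in the arrow's JS scope it will be rendered as visible text and must be written `{/* ... */}`. The long `// FIX EXPLANATION` comment before `export default` belongs in the commit message rather than the module; a one-line `// Comments are rendered as text so React escapes them; never reintroduce dangerouslySetInnerHTML here` next to the render is enough for future readers.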