diff --git a/src/gui/LeaderboardsGui.hx b/src/gui/LeaderboardsGui.hx
index 56b63878..1d9d457c 100644
--- a/src/gui/LeaderboardsGui.hx
+++ b/src/gui/LeaderboardsGui.hx
@@ -195,7 +195,7 @@ class LeaderboardsGui extends GuiImage {
 
 				for (score in scoreList) {
 					var scoreText = '<offset value="10">${i}. </offset>
-					<offset value="50">${score.name}</offset>
+					<offset value="50">${StringTools.htmlEscape(score.name)}</offset>
 					<offset value="375">${score.rewind > 0 ? "<img src='rewind'/>" : ""}</offset>
 					<offset value="400">${isHuntScore ? Std.string(1000 - score.score) : Util.formatTime(score.score)}</offset>
 					<offset value="500">${score.rating}</offset>
@@ -203,7 +203,7 @@ class LeaderboardsGui extends GuiImage {
 
 					if (levelSelectDifficulty == "customs") {
 						scoreText = '<offset value="10">${i}. </offset>
-					<offset value="50">${score.name}</offset>
+					<offset value="50">${StringTools.htmlEscape(score.name)}</offset>
 					<offset value="475">${score.rewind > 0 ? "<img src='rewind'/>" : ""}</offset>
 					<offset value="500">${isHuntScore ? Std.string(1000 - score.score) : Util.formatTime(score.score)}</offset>
 					<offset value="625"><img src="${platformToString(score.platform)}"/></offset>';
@@ -232,7 +232,7 @@ class LeaderboardsGui extends GuiImage {
 
 				for (score in scoreList) {
 					var scoreText = '<offset value="10">${i}. </offset>
-					<offset value="50">${score.name}</offset>
+					<offset value="50">${StringTools.htmlEscape(score.name)}</offset>
 					<offset value="575">${score.rating}</offset>';
 					scoreTexts.push(scoreText);
 					i++;
diff --git a/src/gui/MPServerListGui.hx b/src/gui/MPServerListGui.hx
index f29f12db..50d2bf4e 100644
--- a/src/gui/MPServerListGui.hx
+++ b/src/gui/MPServerListGui.hx
@@ -97,7 +97,7 @@ class MPServerListGui extends GuiImage {
 
 		function updateServerListDisplay() {
 			serverDisplays = ourServerList.map(x -> return
-				'<img src="${platformToString[x.platform]}"></img><font color="#FFFFFF">${x.players}/${x.maxPlayers}  ${x.name}</font>');
+				'<img src="${platformToString[x.platform]}"></img><font color="#FFFFFF">${x.players}/${x.maxPlayers}  ${StringTools.htmlEscape(x.name)}</font>');
 			serverList.setTexts(serverDisplays);
 		}
 
diff --git a/src/gui/MultiplayerLevelSelectGui.hx b/src/gui/MultiplayerLevelSelectGui.hx
index 77cb5b66..11f1883a 100644
--- a/src/gui/MultiplayerLevelSelectGui.hx
+++ b/src/gui/MultiplayerLevelSelectGui.hx
@@ -212,7 +212,8 @@ class MultiplayerLevelSelectGui extends GuiImage {
 		innerCtrl.addChild(chatWnd);
 
 		playerList = new GuiMLTextListCtrl(arial14, playerListArr.map(player -> {
-			return '<img src="${player.state ? "ready" : "notready"}"></img><img src="${platformToString(player.platform)}"></img>${player.name}';
+			return
+				'<img src="${player.state ? "ready" : "notready"}"></img><img src="${platformToString(player.platform)}"></img>${StringTools.htmlEscape(player.name)}';
 		}), imgLoader);
 		playerList.selectedColor = 0xF29515;
 		playerList.selectedFillColor = 0xEBEBEB;
@@ -504,7 +505,8 @@ class MultiplayerLevelSelectGui extends GuiImage {
 
 		if (!showingCustoms)
 			playerList.setTexts(playerListArr.map(player -> {
-				return '<img src="${player.state ? "ready" : "notready"}"></img><img src="${platformToString(player.platform)}"></img>${player.name}';
+				return
+					'<img src="${player.state ? "ready" : "notready"}"></img><img src="${platformToString(player.platform)}"></img>${StringTools.htmlEscape(player.name)}';
 			}));
 
 		var pubCount = 1; // Self
diff --git a/src/gui/PlayGui.hx b/src/gui/PlayGui.hx
index 00aab49c..a595d406 100644
--- a/src/gui/PlayGui.hx
+++ b/src/gui/PlayGui.hx
@@ -728,9 +728,9 @@ class PlayGui {
 		var plShadowScores = [];
 		playerList.sort((a, b) -> a.score > b.score ? -1 : (a.score < b.score ? 1 : 0));
 		for (item in playerList) {
-			pl.push('<font color="#EBEBEB"><img src="${item.us ? "us" : "them"}"></img>${Util.rightPad(item.name, 25, 3)}</font>');
+			pl.push('<font color="#EBEBEB"><img src="${item.us ? "us" : "them"}"></img>${Util.rightPad(StringTools.htmlEscape(item.name), 25, 3)}</font>');
 			plScores.push('<font color="#EBEBEB">${item.score}</font>');
-			plShadow.push('<font color="#000000"><img src="them"></img>${Util.rightPad(item.name, 25, 3)}</font>');
+			plShadow.push('<font color="#000000"><img src="them"></img>${Util.rightPad(StringTools.htmlEscape(item.name), 25, 3)}</font>');
 			plShadowScores.push('<font color="#000000">${item.score}</font>');
 		}
 		playerListCtrl.setTexts(pl);
@@ -746,9 +746,9 @@ class PlayGui {
 		if (p2 == null) {
 			var onePt = p1.score == 1;
 			if (onePt)
-				MarbleGame.instance.world.displayAlert('${p1.name} won with 1 point!');
+				MarbleGame.instance.world.displayAlert('${StringTools.htmlEscape(p1.name)} won with 1 point!');
 			else
-				MarbleGame.instance.world.displayAlert('${p1.name} won with ${p1.score} points!');
+				MarbleGame.instance.world.displayAlert('${StringTools.htmlEscape(p1.name)} won with ${p1.score} points!');
 		} else {
 			var tie = p1.score == p2.score;
 			if (tie) {
@@ -756,9 +756,9 @@ class PlayGui {
 			} else {
 				var onePt = p1.score == 1;
 				if (onePt)
-					MarbleGame.instance.world.displayAlert('${p1.name} won with 1 point!');
+					MarbleGame.instance.world.displayAlert('${StringTools.htmlEscape(p1.name)} won with 1 point!');
 				else
-					MarbleGame.instance.world.displayAlert('${p1.name} won with ${p1.score} points!');
+					MarbleGame.instance.world.displayAlert('${StringTools.htmlEscape(p1.name)} won with ${p1.score} points!');
 
 				if (p1.id == Net.clientId) { // This us
 					AchievementsGui.queueMPAchievement(512);