diff --git a/background_scripts/completion/completers.js b/background_scripts/completion/completers.js
index fbd45c11e..5d658e04b 100644
--- a/background_scripts/completion/completers.js
+++ b/background_scripts/completion/completers.js
@@ -89,7 +89,9 @@ export class Suggestion {
     if (this.isCustomSearch) {
       this.html = `\
 <div class="top-half">
-   <span class="source ${insertTextClass}">${insertTextIndicator}</span><span class="source">${this.description}</span>
+   <span class="source ${insertTextClass}">${insertTextIndicator}</span><span class="source">${
+        Utils.escapeHtml(this.description)
+      }</span>
    <span class="title">${this.highlightQueryTerms(Utils.escapeHtml(this.title))}</span>
    ${relevancyHtml}
  </div>\
@@ -97,7 +99,9 @@ export class Suggestion {
     } else {
       this.html = `\
 <div class="top-half">
-   <span class="source ${insertTextClass}">${insertTextIndicator}</span><span class="source">${this.description}</span>
+   <span class="source ${insertTextClass}">${insertTextIndicator}</span><span class="source">${
+        Utils.escapeHtml(this.description)
+      }</span>
    <span class="title">${this.highlightQueryTerms(Utils.escapeHtml(this.title))}</span>
  </div>
  <div class="bottom-half">
diff --git a/lib/utils.js b/lib/utils.js
index f8f736b27..45b5e7d66 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -71,7 +71,11 @@ const Utils = {
   })(),
 
   escapeHtml(string) {
-    return string.replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    return string.replace(/&/g, "&amp;")
+      .replace(/</g, "&lt;")
+      .replace(/>/g, "&gt;")
+      .replace(/"/g, "&quot;")
+      .replace(/'/g, "&#39;");
   },
 
   // Generates a unique ID
diff --git a/tests/unit_tests/completion/completers_test.js b/tests/unit_tests/completion/completers_test.js
index a18af89bb..69b52c943 100644
--- a/tests/unit_tests/completion/completers_test.js
+++ b/tests/unit_tests/completion/completers_test.js
@@ -416,6 +416,17 @@ context("suggestions", () => {
     assert.isTrue(suggestion.generateHtml({}).indexOf("title &lt;span&gt;") >= 0);
   });
 
+  should("escape html in descriptions", () => {
+    const suggestion = new Suggestion({
+      queryTerms: ["queryterm"],
+      description: "tab <span>",
+      url: "url",
+      title: "title",
+      relevancyFunction: returns(1),
+    });
+    assert.isTrue(suggestion.generateHtml({}).indexOf("tab &lt;span&gt;") >= 0);
+  });
+
   should("highlight query words", () => {
     const suggestion = new Suggestion({
       queryTerms: ["ninj", "words"],
diff --git a/tests/unit_tests/utils_test.js b/tests/unit_tests/utils_test.js
index 14d56358b..32d2f5c44 100644
--- a/tests/unit_tests/utils_test.js
+++ b/tests/unit_tests/utils_test.js
@@ -149,6 +149,23 @@ context("extractQuery", () => {
   });
 });
 
+context("escapeHtml", () => {
+  should("escape HTML special characters", () => {
+    assert.equal("&amp;", Utils.escapeHtml("&"));
+    assert.equal("&lt;", Utils.escapeHtml("<"));
+    assert.equal("&gt;", Utils.escapeHtml(">"));
+    assert.equal("&quot;", Utils.escapeHtml('"'));
+    assert.equal("&#39;", Utils.escapeHtml("'"));
+  });
+
+  should("escape a string with multiple special characters", () => {
+    assert.equal(
+      "&lt;a href=&quot;foo&quot;&gt;bar &amp; baz&#39;s&lt;/a&gt;",
+      Utils.escapeHtml('<a href="foo">bar & baz\'s</a>'),
+    );
+  });
+});
+
 context("pick", () => {
   should("omit properties", () => {
     assert.equal({ a: 1, b: 2 }, Utils.pick({ a: 1, b: 2, c: 3 }, ["a", "b", "d"]));