diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js
index 55ff41656b..fe147553d2 100644
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@@ -88,6 +88,7 @@ function getUserDataByUserSlug(userslug, callerUID, callback) {
 userData.profile_links = results.profile_links;
 userData.status = require('../socket.io').isUserOnline(userData.uid) ? (userData.status || 'online') : 'offline';
 userData.banned = parseInt(userData.banned, 10) === 1;
+ userData.website = validator.escape(userData.website);
 userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
 userData.followingCount = parseInt(userData.followingCount, 10) || 0;
 userData.followerCount = parseInt(userData.followerCount, 10) || 0;
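Review bot: The added `validator.escape(userData.website)` neutralises markup and attribute breakout, but it does not constrain the URL scheme, so a stored value with a non-http scheme such as `javascript:` passes through unchanged. That matters if the profile template places `website` in an `href`; the template is not visible here, so this is an assumption to confirm. Consider dropping anything that is not http(s) before escaping, e.g. `if (!/^https?:\/\//i.test(userData.website || '')) { userData.website = ''; }`, and check whether scheme-less values are accepted at save time before adopting that exact rule. It is also worth confirming that the template does not escape the field again, which would double-encode `&` in legitimate URLs. The `require` for `validator` and the rest of `getUserDataByUserSlug` lie outside this hunk.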