diff --git a/admin/all.php b/admin/all.php
index 5b74cbb..3f97834 100644
--- a/admin/all.php
+++ b/admin/all.php
@@ -38,7 +38,7 @@ foreach (array_reverse($rows) as $i){
     if ($i["isrespondedto"] === "f" && $i["ispublic"] == "t") {
         echo("<div class=\"question\">");
         if ($i["iscwed"] === "t") {
-            echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>");
+            echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
         }
         echo(htmlspecialchars($i["text"]));
         echo("<div class=\"time\">" . $i["time"] . "</div>");
@@ -51,7 +51,7 @@ foreach (array_reverse($rows) as $i){
     if ($i["ispublic"] === "f") {
         echo("<div class=\"question\">");
         if ($i["iscwed"] === "t") {
-            echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>");
+            echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
         }
         echo(htmlspecialchars($i["text"]));
         echo("<div class=\"time\">" . $i["time"] . "</div>");
@@ -64,7 +64,7 @@ foreach (array_reverse($rows) as $i){
     if ($i["ispublic"] === "t" && $i["isrespondedto"] === "t") {
         echo("<div class=\"question\">");
         if ($i["iscwed"] === "t") {
-            echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>");
+            echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
         }
         echo(htmlspecialchars($i["text"]));
         echo("<div class=\"time\">" . $i["time"] . "</div>");
@@ -74,4 +74,4 @@ foreach (array_reverse($rows) as $i){
     }
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/admin/respond.php b/admin/respond.php
index aed9d20..1c2a7e0 100644
--- a/admin/respond.php
+++ b/admin/respond.php
@@ -46,7 +46,7 @@ if ($arr["ispublic"] === "f") {
     echo("<a class=\"goback\" href=\"index.php?pw={$adminPassword}\">(go back?)</a>");
     echo("<div class=\"question\">");
     if ($arr["iscwed"] === "t") {
-        echo("<h3>cw: " . $arr["cw"] . "</h3>");
+        echo("<h3>cw: " . htmlspecialchars($arr["cw"]) . "</h3>");
     }
     echo(htmlspecialchars($arr["text"]));
     echo("<div class=\"time\">" . $arr["time"] . "</div>");
@@ -60,4 +60,4 @@ if ($arr["ispublic"] === "f") {
     echo("<form class=\"frm\" action=\"index.php\"><input hidden name=\"id\" value=\"{$id}\"><input hidden name=\"page\" value=\"respond\"><input hidden name=\"pw\" value=\"{$adminPassword}\"><input id=\"passinput\" name=\"text\" required=\"\"><br><button class=\"submitbutton\" type=\"submit\">send</button></form>");
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/fetch.php b/fetch.php
index c3b043d..505d24e 100644
--- a/fetch.php
+++ b/fetch.php
@@ -28,7 +28,7 @@ if (pg_num_rows($qresp) === 0 || $arr["ispublic"] === "f" || $arr["isrespondedto
     echo("<a class=\"goback\" href=\"index.php\">(go back?)</a>");
     echo("<div class=\"question\">");
     if ($arr["iscwed"] === "t") {
-        echo("<details><summary>cw: " . $arr["cw"] . "</summary><span class=\"cwfiller\"></span>");
+        echo("<details><summary>cw: " . htmlspecialchars($arr["cw"]) . "</summary><span class=\"cwfiller\"></span>");
     }
     echo(htmlspecialchars($arr["text"]));
     echo("<div class=\"time\">" . $arr["time"] . "</div>");
@@ -36,4 +36,4 @@ if (pg_num_rows($qresp) === 0 || $arr["ispublic"] === "f" || $arr["isrespondedto
     echo("<div class=\"time\">" . $arr["responsetime"] . "</div></div></div>");
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/index.php b/index.php
index 6146864..999474d 100644
--- a/index.php
+++ b/index.php
@@ -36,7 +36,7 @@ foreach (array_reverse($rows) as $i){
     if ($i["ispublic"] === "t" && $i["isrespondedto"] === "t") {
         echo("<div class=\"question\">");
         if ($i["iscwed"] === "t") {
-            echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>");
+            echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
         }
         echo(htmlspecialchars($i["text"]));
         echo("<div class=\"time\">" . $i["time"] . "</div>");
@@ -46,4 +46,4 @@ foreach (array_reverse($rows) as $i){
     }
 }
 
-?>
\ No newline at end of file
+?>