diff --git a/gui/griffon-app/views/com/muwire/gui/CertificateControlView.groovy b/gui/griffon-app/views/com/muwire/gui/CertificateControlView.groovy
index 288bf8be..565ce355 100644
--- a/gui/griffon-app/views/com/muwire/gui/CertificateControlView.groovy
+++ b/gui/griffon-app/views/com/muwire/gui/CertificateControlView.groovy
@@ -63,7 +63,7 @@ class CertificateControlView {
                 scrollPane {
                     certsTable = table(autoCreateRowSorter : true, rowHeight : rowHeight) {
                         tableModel(list : model.certificates) {
-                            closureColumn(header : trans("FILE_NAME"), type : String, read : {it.name.name})
+                            closureColumn(header : trans("FILE_NAME"), type : String, read : {HTMLSanitizer.sanitize(it.name.name)})
                             closureColumn(header : trans("HASH"), type : String, read : {Base64.encode(it.infoHash.getRoot())})
                             closureColumn(header : trans("COMMENT"), preferredWidth : 20, type : Boolean, read : {it.comment != null})
                             closureColumn(header : trans("TIMESTAMP"), type : Long, read : { it.timestamp })
diff --git a/gui/griffon-app/views/com/muwire/gui/MainFrameView.groovy b/gui/griffon-app/views/com/muwire/gui/MainFrameView.groovy
index 2f2c902b..b2422325 100644
--- a/gui/griffon-app/views/com/muwire/gui/MainFrameView.groovy
+++ b/gui/griffon-app/views/com/muwire/gui/MainFrameView.groovy
@@ -401,7 +401,7 @@ class MainFrameView {
                             scrollPane (constraints : BorderLayout.CENTER) {
                                 table(id : "uploads-table", autoCreateRowSorter: true, rowHeight : rowHeight) {
                                     tableModel(list : model.uploads) {
-                                        closureColumn(header : trans("NAME"), type : String, read : {row -> row.uploader.getName() })
+                                        closureColumn(header : trans("NAME"), type : String, read : {row -> HTMLSanitizer.sanitize(row.uploader.getName()) })
                                         closureColumn(header : trans("PROGRESS"), type : String, read : { row ->
                                             int percent = row.uploader.getProgress()
                                             trans("PERCENT_OF_PIECE", percent)
diff --git a/gui/src/main/groovy/com/muwire/gui/InterimTreeNode.groovy b/gui/src/main/groovy/com/muwire/gui/InterimTreeNode.groovy
index 08737b5b..73cf484c 100644
--- a/gui/src/main/groovy/com/muwire/gui/InterimTreeNode.groovy
+++ b/gui/src/main/groovy/com/muwire/gui/InterimTreeNode.groovy
@@ -2,8 +2,10 @@ package com.muwire.gui
 
 class InterimTreeNode {
     private final File file
+    private final String toString
     InterimTreeNode(File file) {
         this.file = file
+        this.toString = HTMLSanitizer.sanitize(file.getName())
     }
     
     public File getFile() {
@@ -17,6 +19,6 @@ class InterimTreeNode {
     }
     
     public String toString() {
-        file.getName()
+        toString
     }
 }
diff --git a/gui/src/main/groovy/com/muwire/gui/SharedTreeRenderer.groovy b/gui/src/main/groovy/com/muwire/gui/SharedTreeRenderer.groovy
index db9ab138..4e0c6c0e 100644
--- a/gui/src/main/groovy/com/muwire/gui/SharedTreeRenderer.groovy
+++ b/gui/src/main/groovy/com/muwire/gui/SharedTreeRenderer.groovy
@@ -37,7 +37,7 @@ class SharedTreeRenderer extends DefaultTreeCellRenderer {
         SizeFormatter.format(length,sb)
         sb.append(bShort)
         
-        setText("$name (${sb.toString()})")
+        setText(HTMLSanitizer.sanitize("$name (${sb.toString()})"))
         setEnabled(true)
         if (sf.comment != null) {
             setIcon(commentIcon)