diff --git a/services/web-ui/public/js/topbar-strip.js b/services/web-ui/public/js/topbar-strip.js
index 50dc9cf..d79f58e 100644
--- a/services/web-ui/public/js/topbar-strip.js
+++ b/services/web-ui/public/js/topbar-strip.js
@@ -1,5 +1,9 @@
 // Operator status strip mounted at the top of every .main pane.
 (function () {
+  function esc(s) {
+    if (!s) return '';
+    return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
+  }
   function mount() {
     const main = document.querySelector('.main');
     if (!main || main.querySelector('.topbar-strip')) return;
@@ -11,7 +15,7 @@
       '<span class="ts-now" id="tsNow">00:00:00</span>' +
       '<span class="ts-sep"></span>' +
       '<span class="ts-label">Page</span>' +
-      '<span class="ts-value" id="tsPage">' + pageName() + '</span>' +
+      '<span class="ts-value" id="tsPage">' + esc(pageName()) + '</span>' +
       '<span class="ts-sep"></span>' +
       '<span class="ts-label">API</span>' +
       '<span class="ts-value" id="tsApi">--</span>';