diff --git a/contact_list.js b/contact_list.js
index fe69e10d0..12b4571e9 100644
--- a/contact_list.js
+++ b/contact_list.js
@@ -185,7 +185,7 @@ var ContactList = (function (my) {
      */
     function createDisplayNameParagraph(displayName) {
         var p = document.createElement('p');
-        p.innerHTML = displayName;
+        p.innerText = displayName;
 
         return p;
     };
@@ -203,7 +203,7 @@ var ContactList = (function (my) {
         var contactName = $('#contactlist #' + resourceJid + '>p');
 
         if (contactName && displayName && displayName.length > 0)
-            contactName.html(displayName);
+            contactName.text(displayName);
     });
 
     my.setClickable = function(resourceJid, isClickable) {