diff --git a/backend/utils.py b/backend/utils.py
index 58d0ebfa6de3268260267eb32559abb544e6b661..b247acf518818e7036572948154448e07d602d8e 100644
--- a/backend/utils.py
+++ b/backend/utils.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from html import escape
 from secrets import token_hex
 
 from cryptography.exceptions import InvalidSignature
@@ -57,10 +58,10 @@ def update_item(db: Session, item: schemas.Item, data: schemas.ItemUpdate):
     verify = ""
     if data.addressee:
         verify += data.addressee
-        item.addressee = data.addressee
+        item.addressee = escape(data.addressee)
     if data.team:
         verify += data.team
-        item.team = data.team
+        item.team = escape(data.team)
     if data.amount:
         verify += str(data.amount)
         item.amount = data.amount
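Review bot: In `update_item`, `verify` is still built from the raw `data.addressee` and `data.team`, while the stored `item.addressee` and `item.team` are now the `escape()`d forms. If any other code rebuilds the signed string from the stored `item` fields (not visible in this hunk), it will stop matching for values that contain `&`, `<`, `>` or quotes. Escaping on write also ties the stored value to the HTML context: a template or client that escapes on render will show `&amp;amp;`, and non-HTML consumers get entity-encoded text. If escape-on-write is intended, record the invariant at the assignments, e.g. `# stored HTML-escaped; the signature covers the raw input, never item.*`; otherwise keep the raw value here and escape where it is rendered. The function body continues past the end of the hunk, so the signature check itself is not shown.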