diff --git a/src/controllers/tags.js b/src/controllers/tags.js
index 6d3d18c1f0..755ede4b91 100644
--- a/src/controllers/tags.js
+++ b/src/controllers/tags.js
@@ -3,11 +3,12 @@
 var tagsController = {},
 async = require('async'),
 nconf = require('nconf'),
+ validator = require('validator'),
 meta = require('../meta'),
 topics = require('../topics');

 tagsController.getTag = function(req, res, next) {
- var tag = req.params.tag;
+ var tag = validator.escape(req.params.tag);
 var uid = req.user ? req.user.uid : 0;
 var end = (parseInt(meta.config.topicsPerList, 10) || 20) - 1;
 topics.getTagTids(tag, 0, end, function(err, tids) {
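Review bot: The HTML-escaped string from `validator.escape(req.params.tag)` is also what reaches `topics.getTagTids(tag, 0, end, ...)`, so the entity-encoded form becomes the lookup key and not only the display text. If tags are stored unescaped when they are created (not visible in this hunk), a tag containing `&`, `<`, `>` or a quote would no longer resolve. If the template layer also escapes, the name would be encoded twice on output. Consider keeping the raw value for the lookup and escaping only what is handed to the renderer, e.g. `var rawTag = req.params.tag;` with `topics.getTagTids(rawTag, 0, end, ...)` and `validator.escape(rawTag)` at the point where the tag is put into the response data. Otherwise add a comment such as `// tags are stored HTML-escaped, so escape before lookup` to record that the key format is intentional. The body of `getTag` continues past the hunk, so where `tag` is rendered cannot be confirmed from here.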