diff --git a/file/js/be.bastelstu.WCF.Chat.coffee b/file/js/be.bastelstu.WCF.Chat.coffee
index d4dc64e..74c2061 100644
--- a/file/js/be.bastelstu.WCF.Chat.coffee
+++ b/file/js/be.bastelstu.WCF.Chat.coffee
@@ -366,7 +366,7 @@ window.console ?=
li.addClass 'timsChatAway'
li.attr 'title', user.awayStatus
li.data 'username', user.username
- a = $ ''+user.username+''
+ a = $ '' + WCF.String.escapeHTML(user.username) + ''
a.click $.proxy (event) ->
event.preventDefault()
@toggleUserMenu $ event.target