Avoids potential XSS by escaping input before returning

Avoids potential XSS by escaping input before returning #40