diff --git a/ajax.php b/ajax.php
index 52c5d5c6..8f54e5eb 100644
--- a/ajax.php
+++ b/ajax.php
@@ -190,10 +190,10 @@ if (isset($_GET['ticket_query_views'])) {
 $users = array_unique($users);
 if (count($users) > 1) {
 // Multiple viewers
- $response['message'] = implode(", ", $users) . " are viewing this ticket.";
+ $response['message'] = htmlentities(implode(", ", $users) . " are viewing this ticket.");
 } else {
 // Single viewer
- $response['message'] = implode("", $users) . " is viewing this ticket.";
+ $response['message'] = htmlentities(implode("", $users) . " is viewing this ticket.");
 }
 } else {
 // No viewers
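Review bot: Both added `htmlentities()` calls rely on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped, so a viewer name containing `'` would not be encoded if the client places `message` inside a single-quoted attribute. Passing the flags and charset explicitly makes the result the same on every PHP version, for example `$response['message'] = htmlspecialchars(implode(", ", $users) . " are viewing this ticket.", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and likewise on the single-viewer line. How the client inserts `message` into the page is not visible in this hunk: if it is assigned as HTML this encoding is needed, but if it is assigned as text the names will now show literal entities, so the consumer is worth checking. The enclosing `if (isset($_GET['ticket_query_views']))` block starts and ends outside the hunk.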