diff --git a/src/DataTables/Column/EntityColumn.php b/src/DataTables/Column/EntityColumn.php
index 54ae3fb3..b5d71a08 100644
--- a/src/DataTables/Column/EntityColumn.php
+++ b/src/DataTables/Column/EntityColumn.php
@@ -78,7 +78,7 @@ class EntityColumn extends AbstractColumn
                     );
                 }
 
-                return sprintf('<i>%s</i>', $value);
+                return sprintf('<i>%s</i>', htmlspecialchars($value));
             }
 
             return '';
diff --git a/src/DataTables/Column/IconLinkColumn.php b/src/DataTables/Column/IconLinkColumn.php
index 6704cb4a..47b35d82 100644
--- a/src/DataTables/Column/IconLinkColumn.php
+++ b/src/DataTables/Column/IconLinkColumn.php
@@ -87,9 +87,9 @@ class IconLinkColumn extends AbstractColumn
             return sprintf(
                 '<a class="btn btn-primary btn-sm %s" href="%s" title="%s"><i class="%s"></i></a>',
                 $disabled ? 'disabled' : '',
-                $href,
-                $title,
-                $icon
+                htmlspecialchars($href),
+                htmlspecialchars($title ?? ''),
+                htmlspecialchars($icon ?? '')
             );
         }