diff --git a/lib/submitters/create_stamp_attachment.rb b/lib/submitters/create_stamp_attachment.rb
index 2f7d980d..f18b013a 100644
--- a/lib/submitters/create_stamp_attachment.rb
+++ b/lib/submitters/create_stamp_attachment.rb
@@ -89,6 +89,9 @@ module Submitters
 
       digitally_signed_by = I18n.t(:digitally_signed_by, locale: submitter.submission.account.locale)
 
+      name = ERB::Util.html_escape(name)
+      role = ERB::Util.html_escape(role)
+
       text = %(<span size="90">#{digitally_signed_by}:\n<b>#{name}</b>\n#{role}#{time} #{timezone}</span>)
 
       Vips::Image.text(text, width: WIDTH, height: HEIGHT, wrap: :'word-char')