diff --git a/js/filters.js b/js/filters.js
index 68f01be..886dc6b 100644
--- a/js/filters.js
+++ b/js/filters.js
@@ -30,6 +30,13 @@ weechat.filter('irclinky', ['$filter', function($filter) {
             return text;
         }
 
+        // First, escape entities to prevent escaping issues because it's a bad idea
+        // to parse/modify HTML with regexes, which we do a couple of lines down...
+        var entities = {"<": "&lt;", ">": "&gt;", '"': '&quot;', "'": '&#39;', "&": "&amp;", "/": '&#x2F;'};
+        text = text.replace(/[<>"'&\/]/g, function (char) {
+            return entities[char];
+        });
+
         // This regex in no way matches all IRC channel names (they could also begin with &, + or an
         // exclamation mark followed by 5 alphanumeric characters, and are bounded in length by 50).
         // However, it matches all *common* IRC channels while trying to minimise false positives.