diff --git a/extension.json b/extension.json
index 457616c..b330c0c 100644
--- a/extension.json
+++ b/extension.json
@@ -1,6 +1,6 @@
 {
 	"name": "RandomGameUnit",
-	"version": "2.7.0",
+	"version": "2.8.0",
 	"author": [
 		"Aaron Wright",
 		"David Pean",
diff --git a/includes/RandomGameUnit.php b/includes/RandomGameUnit.php
index 7695d73..de14bad 100644
--- a/includes/RandomGameUnit.php
+++ b/includes/RandomGameUnit.php
@@ -171,7 +171,7 @@ class RandomGameUnit {
 		$poll_link = Title::makeTitle( $ns, $poll['title'] );
 		$output = '<div class="game-unit-container">
 			<h2>' . wfMessage( 'game-unit-poll-title' )->escaped() . '</h2>
-			<div class="poll-unit-title">' . $poll_link->getText() . '</div>';
+			<div class="poll-unit-title">' . htmlspecialchars( $poll_link->getText(), ENT_QUOTES ) . '</div>';
 
 		if ( $poll['image'] ) {
 			$poll_image_width = $wgRandomImageSize;
@@ -193,7 +193,7 @@ class RandomGameUnit {
 		foreach ( $poll['choices'] as $choice ) {
 			$output .= '<a href="' . htmlspecialchars( $poll_link->getFullURL() ) . '" rel="nofollow">
 				<input id="poll_choice" type="radio" value="10" name="poll_choice" onclick="location.href=\'' .
-				htmlspecialchars( $poll_link->getFullURL() ) . '\'" /> ' . $choice['choice'] .
+				htmlspecialchars( $poll_link->getFullURL() ) . '\'" /> ' . htmlspecialchars( $choice['choice'], ENT_QUOTES ) .
 			'</a>';
 		}
 		$output .= '</div>
@@ -208,7 +208,7 @@ class RandomGameUnit {
 		$quiz_title = SpecialPage::getTitleFor( 'QuizGameHome' );
 		$output = '<div class="game-unit-container">
 			<h2>' . wfMessage( 'game-unit-quiz-title' )->escaped() . '</h2>
-			<div class="quiz-unit-title"><a href="' . htmlspecialchars( $quiz_title->getFullURL( "questionGameAction=renderPermalink&permalinkID={$quiz['id']}" ) ) . '" rel="nofollow">' . $quiz['text'] . '</a></div>';
+			<div class="quiz-unit-title"><a href="' . htmlspecialchars( $quiz_title->getFullURL( "questionGameAction=renderPermalink&permalinkID={$quiz['id']}" ) ) . '" rel="nofollow">' . htmlspecialchars( $quiz['text'], ENT_QUOTES ) . '</a></div>';
 
 		if ( $quiz['image'] ) {
 			$quiz_image_width = $wgRandomImageSize;
@@ -279,7 +279,7 @@ class RandomGameUnit {
 
 		$output = '<div class="game-unit-container">
 		<h2>' . wfMessage( 'game-unit-picturegame-title' )->escaped() . '</h2>
-		<div class="pg-unit-title">' . $title_text . '</div>
+		<div class="pg-unit-title">' . htmlspecialchars( $title_text, ENT_QUOTES ) . '</div>
 		<div class="pg-unit-pictures">
 			<div onmouseout="this.style.backgroundColor = \'\'" onmouseover="this.style.backgroundColor = \'#4B9AF6\'">
 				<a href="' . htmlspecialchars( $pic_game_link->getFullURL( 'picGameAction=renderPermalink&id=' . $picturegame['id'] . '&voteID=' . $picturegame['id'] . '&key=' . $key ) ) . '">' . $imgOne . '</a>