diff --git a/template/_header.php b/template/_header.php
index 7c18a3a..0018738 100644
--- a/template/_header.php
+++ b/template/_header.php
@@ -4,7 +4,7 @@
 // Typically we put this before any local urls, such as navigation, icons etc to ensure that they use the correct path.
 $templateUrlPrefix = dirname(str_replace(realpath($_SERVER['DOCUMENT_ROOT']), '', realpath(__DIR__)));
 if ((strlen($templateUrlPrefix) > 1)) {
- $templateUrlPrefix = $templateUrlPrefix . DIRECTORY_SEPARATOR;
+ $templateUrlPrefix = htmlspecialchars($templateUrlPrefix . DIRECTORY_SEPARATOR);
 }
 if ($templateParameters["render"] === false) {
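Review bot: The added `htmlspecialchars()` call relies on the default flags, which changed in PHP 8.1: on older runtimes the default is `ENT_COMPAT`, so a single quote in the path stays unescaped and the prefix is still unsafe inside a single-quoted attribute. Passing the flags and charset explicitly makes the result independent of the PHP version: `$templateUrlPrefix = htmlspecialchars($templateUrlPrefix . DIRECTORY_SEPARATOR, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Encoding at assignment also ties the variable to HTML context, so any use outside HTML text or attributes (a redirect header, a JavaScript string) would need the raw value with its own encoding, and a later `htmlspecialchars()` at an output site would double-encode it. A one-line comment such as `// HTML-encoded: safe for attribute/text output only` above the assignment would make that contract visible. How the prefix is emitted lies outside this hunk, so the affected output sites cannot be confirmed from here.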