diff --git a/plugin/hover.py b/plugin/hover.py
index 07a677cb2..c3bbb462a 100644
--- a/plugin/hover.py
+++ b/plugin/hover.py
@@ -38,6 +38,7 @@
from .session_view import HOVER_HIGHLIGHT_KEY
from urllib.parse import unquote, urlparse
import functools
+import html
import re
import sublime
import webbrowser
@@ -224,7 +225,7 @@ def _on_all_document_links_resolved(
title = link.get("tooltip") or "Follow link"
if title != "Follow link":
link_has_standard_tooltip = False
- contents.append('{}'.format(target, title))
+ contents.append('{}'.format(html.escape(target), html.escape(title)))
if len(contents) > 1:
link_has_standard_tooltip = False
link_range = range_to_region(Range.from_lsp(links[0]["range"]), self.view) if links else None
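Review bot: `html.escape(target)` on the changed `contents.append(...)` line keeps a server-supplied target from breaking out of the markup, but it does not constrain the URI scheme, so the click handler still receives whatever URI the language server chose. If the target is opened on click (the module imports `webbrowser`, but the handler is outside this hunk), consider checking `urlparse(target).scheme` against an allowlist before appending the link. Separately, `html.escape` raises on `None` where the old `format` call did not; if `target` can be absent here (its assignment is not visible), `html.escape(target or "")` keeps the previous tolerance. The function body starts and ends outside the hunk.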
diff --git a/plugin/inlay_hint.py b/plugin/inlay_hint.py
index 17505da09..0efd0c6b5 100644
--- a/plugin/inlay_hint.py
+++ b/plugin/inlay_hint.py
@@ -101,9 +101,9 @@ def get_inlay_hint_html(view: sublime.View, inlay_hint: InlayHint, session: Sess
def format_inlay_hint_tooltip(tooltip: Optional[Union[str, MarkupContent]]) -> str:
if isinstance(tooltip, str):
- return tooltip
+ return html.escape(tooltip)
if isinstance(tooltip, dict): # MarkupContent
- return tooltip.get('value') or ""
+ return html.escape(tooltip.get('value') or "")
return ""
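Review bot: `format_inlay_hint_tooltip` now returns HTML-escaped text but nothing documents that, so a caller that escapes the result again would display literal `&amp;` entities. A one-line docstring such as `"""Return the tooltip as HTML-escaped plain text, safe to interpolate into the hint HTML."""` would pin the contract. The MarkupContent branch escapes `value` without looking at its `kind`, so markdown tooltips are shown as literal text; that is presumably intended and worth a short comment. This file's part of the diff adds no `import html`, unlike hover.py, so confirm the module already imports it, otherwise both new `return` lines raise NameError.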