diff --git a/src/bb-library/Box/TwigExtensions.php b/src/bb-library/Box/TwigExtensions.php
index 610033e32..794241b4b 100644
--- a/src/bb-library/Box/TwigExtensions.php
+++ b/src/bb-library/Box/TwigExtensions.php
@@ -181,7 +181,7 @@ function twig_asset_url(Twig\Environment $env, $asset)
 function twig_img_tag($path, $alt = null)
 {
     $alt = is_null($alt) ? pathinfo($path, PATHINFO_BASENAME) : $alt;
-    return sprintf('<img src="%s" alt="%s" title="%s"/>', $path, $alt, $alt);
+    return sprintf('<img src="%s" alt="%s" title="%s"/>', htmlspecialchars($path), htmlspecialchars($alt), htmlspecialchars($alt));
 }
 
 function twig_script_tag($path)