diff --git a/tcms/core/history.py b/tcms/core/history.py
index abc2edc264..76a9fcccc2 100644
--- a/tcms/core/history.py
+++ b/tcms/core/history.py
@@ -8,6 +8,8 @@
 from simple_history.admin import SimpleHistoryAdmin
 from simple_history.models import HistoricalRecords
+from tcms.core.templatetags.extra_filters import bleach_input
+
 def diff_objects(old_instance, new_instance, fields):
 """
@@ -20,6 +22,13 @@ def diff_objects(old_instance, new_instance, fields):
 field_diff = []
 old_value = getattr(old_instance, field.attname)
 new_value = getattr(new_instance, field.attname)
+
+ # clean stored XSS
+ if isinstance(old_value, str):
+ old_value = bleach_input(old_value)
+ if isinstance(new_value, str):
+ new_value = bleach_input(new_value)
+
 for line in difflib.unified_diff(
 str(old_value).split("\n"),
 str(new_value).split("\n"),
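Review bot: The new import makes `tcms.core.history` depend on `tcms.core.templatetags.extra_filters`, a template-tag module that may itself import from core (not visible here), so it is worth checking for an import cycle at app load. If `bleach_input` is a thin wrapper around `bleach.clean`, calling the underlying sanitizer from a non-template helper, or moving the helper out of templatetags, would keep core independent of the presentation layer; this hunk only touches the import block.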
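Review bot: Cleaning the values before they are diffed means the history diff no longer reflects what was actually persisted, and whether that is acceptable depends on the contract of `bleach_input`, which is not visible in this hunk; if it strips tags rather than escaping them, two sides that differ only in markup become identical after cleaning and a real change disappears from the diff. Only `str` values are cleaned, while a non-`str` value still goes through `str()` two lines later uncleaned, so if any field's `__str__` can carry user-controlled text that path is unchanged and should be confirmed against the model fields. If the consumer is a Django template, the less surprising fix is to keep this function returning raw text and rely on autoescape at render time; if pre-sanitizing here is intended, the comment should say so, e.g. `# values are HTML-cleaned before diffing so the rendered history cannot carry stored XSS; keep in sync with how the caller marks the output safe`. diff_objects starts before this hunk and its loop body continues past it.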