diff --git a/web/scanEngine/static/scanEngine/js/custom_tools.js b/web/scanEngine/static/scanEngine/js/custom_tools.js
index 7af299d16..bae524d78 100644
--- a/web/scanEngine/static/scanEngine/js/custom_tools.js
+++ b/web/scanEngine/static/scanEngine/js/custom_tools.js
@@ -7,7 +7,7 @@ function load_gf_template(pattern_name){
   $('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
   $.getJSON(`/api/getFileContents?gf_pattern&name=${pattern_name}&format=json`, function(data) {
     $('#modal-loader').empty();
-    $('#modal-text-content').append(`<pre>${data['content']}</pre>`);
+    $('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
   }).fail(function(){
     $('#modal-loader').empty();
     $("#modal-text-content").append(`<p class='text-danger'>Error loading GF Pattern</p>`);
@@ -24,7 +24,7 @@ function load_nuclei_template(pattern_name){
   $('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
   $.getJSON(`/api/getFileContents?nuclei_template&name=${pattern_name}&format=json`, function(data) {
     $('#modal-loader').empty();
-    $('#modal-text-content').append(`<pre>${data['content']}</pre>`);
+    $('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
   }).fail(function(){
     $('#modal-loader').empty();
     $("#modal-text-content").append(`<p class='text-danger'>Error loading Nuclei Template</p>`);