diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb
index f305e4eb9..6290bef43 100644
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -88,8 +88,8 @@ class PostPresenter < Presenter
       data-file-url="#{post.file_url}"
       data-large-file-url="#{post.large_file_url}"
       data-preview-file-url="#{post.preview_file_url}"
-      data-source="#{post.source}"
-      data-normalized-source="#{post.normalized_source}"
+      data-source="#{h(post.source}"
+      data-normalized-source="#{h(post.normalized_source)}"
     }.html_safe
   end