diff --git a/tools/report-converter/codechecker_report_converter/report/output/html/html.py b/tools/report-converter/codechecker_report_converter/report/output/html/html.py
index eeedb1058b..f03c1f43b2 100644
--- a/tools/report-converter/codechecker_report_converter/report/output/html/html.py
+++ b/tools/report-converter/codechecker_report_converter/report/output/html/html.py
@@ -6,6 +6,7 @@
 #
 # -------------------------------------------------------------------------
 
+import html
 import io
 import json
 import logging
@@ -171,7 +172,7 @@ def _add_source_file(self, file: File) -> FileSource:
             file_content = InvalidFileContentMsg
 
         self.files[file.id] = {
-            'id': file.id, 'filePath': file.path, 'content': file_content}
+            'id': file.id, 'filePath': file.path, 'content': html.escape(file_content)}
 
         return self.files[file.id]
 
diff --git a/tools/report-converter/codechecker_report_converter/report/output/html/static/js/bugviewer.js b/tools/report-converter/codechecker_report_converter/report/output/html/static/js/bugviewer.js
index 562ab8eaab..a851953d71 100644
--- a/tools/report-converter/codechecker_report_converter/report/output/html/static/js/bugviewer.js
+++ b/tools/report-converter/codechecker_report_converter/report/output/html/static/js/bugviewer.js
@@ -195,7 +195,9 @@ var BugViewer = {
 
     this._sourceFileData = file;
     this._filepath.innerHTML = file.filePath;
-    this._codeMirror.doc.setValue(file.content);
+    let e = document.createElement('div');
+    e.innerHTML = file.content;
+    this._codeMirror.doc.setValue(e.innerText);
     this._refresh();
   },