diff --git a/muppet/data/html.py b/muppet/data/html.py
index e165dcfa9333210fc3340ef0899242142888271a..1b155fe8ebc688b37eae96ca26ea7b2afd1d4037 100644
--- a/muppet/data/html.py
+++ b/muppet/data/html.py
@@ -10,6 +10,7 @@ from . import (
     render,
 )
 from collections.abc import Sequence
+import html
 
 
 class HTMLRenderer(Renderer):
@@ -68,5 +69,5 @@ class HTMLRenderer(Renderer):
         return ' ' * ind.depth * 2
 
     def render_str(self, s: str) -> str:
-        """Return the given string verbatim."""
-        return s
+        """HTML escape and return the given string."""
+        return html.escape(s)