diff --git a/plugins/virtuoso/lib/ext/literal.rb b/plugins/virtuoso/lib/ext/literal.rb index 9ab34b0..b786720 100644 --- a/plugins/virtuoso/lib/ext/literal.rb +++ b/plugins/virtuoso/lib/ext/literal.rb @@ -1,7 +1,9 @@ class RDF::Literal + include ActionView::Helpers::SanitizeHelper + def to_liquid - value + strip_tags(value) end end diff --git a/plugins/virtuoso/test/unit/triples_template_test.rb b/plugins/virtuoso/test/unit/triples_template_test.rb index f35be7d..ed20532 100644 --- a/plugins/virtuoso/test/unit/triples_template_test.rb +++ b/plugins/virtuoso/test/unit/triples_template_test.rb @@ -38,4 +38,13 @@ class TriplesTemplateTest < ActiveSupport::TestCase assert_match /
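Review bot: `strip_tags(value)` in `to_liquid` protects the template by removing markup rather than encoding it, so a literal whose text legitimately contains `<`, `>` or `&` (for example `a < b`) is silently altered, and the guarantee still rests on the sanitizer's tag-recognition rules instead of on a fixed encoding. If the Liquid output is rendered straight into HTML, output escaping gives the simpler and stronger property, `ERB::Util.html_escape(value)`, and needs neither a sanitizer library nor the `SanitizeHelper` mixin, which as written also exposes `sanitize`, `sanitize_css` and `strip_links` as public methods on every `RDF::Literal`; if stripping really is the intent, `ActionController::Base.helpers.strip_tags(value)` avoids including a view helper into a library class. Both forms assume `value` is always a String, which is not visible in this hunk and worth confirming for typed literals. The reason for the transformation is only implied by the test name in the second hunk, so a comment on the method would help, e.g. `# Literal values come from the SPARQL endpoint and are interpolated into Liquid templates; neutralise any markup before they reach the page.`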
World<\/p>/, content end + should 'do not allow js injection' do + article.stubs(:plugin).returns(mock) + article.plugin.expects(:virtuoso_client).at_least_once.returns(mock) + article.plugin.virtuoso_client.expects(:query).returns([{'var' => RDF::Literal.new('')}]) + article.template = "{% for row in results %}{{row.var}}{% endfor %}" + + assert_no_match /