diff --git a/utils.cpp b/utils.cpp
index 3df6306..7783e6d 100644
--- a/utils.cpp
+++ b/utils.cpp
@@ -46,6 +46,12 @@ std::string utils::html_xss(std::string_view str)
 		case '%':
 			result += "%";
 			break;
+		case '\'':
+			result += "'";
+			break;
+		case '&':
+			result += "&";
+			break;
 		default:
 			result += c;
 		}
@@ -93,7 +99,7 @@ std::vector<std::string> utils::split(const std::string &str, char delim)
 // TODO: can easily break if we pass a regex here
 std::vector<std::string> utils::split(const std::string &str, const std::string &delim)
 {
-	std::regex regex { delim + "+" };
+	std::regex regex{delim + "+"};
 	return split(str, regex);
 }