diff --git a/ui/app/index.html b/ui/app/index.html
index 148b2746a..dd66a60c0 100644
--- a/ui/app/index.html
+++ b/ui/app/index.html
@@ -43,6 +43,7 @@
+
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
index 412e8c51c..77466ae54 100644
--- a/ui/app/scripts/app.js
+++ b/ui/app/scripts/app.js
@@ -13,6 +13,7 @@ angular.module('cortex', [
'ui.bootstrap',
'ui-notification',
'angularMoment',
+ 'ngSanitize',
'angularUtils.directives.dirPagination'
])
.config(function(NotificationProvider) {
diff --git a/ui/app/scripts/controllers.js b/ui/app/scripts/controllers.js
index dfc4630a4..25baed434 100644
--- a/ui/app/scripts/controllers.js
+++ b/ui/app/scripts/controllers.js
@@ -8,7 +8,7 @@
* Controller of the cortex
*/
angular.module('cortex')
- .controller('NavCtrl', function($q, $state, $uibModal, AnalyzerSrv, Notification) {
+ .controller('NavCtrl', function($q, $state, $uibModal, AnalyzerSrv, NotificationService) {
this.newAnalysis = function () {
AnalyzerSrv.list()
@@ -46,13 +46,13 @@ angular.module('cortex')
$state.go('jobs');
}
_.each(response, function(resp) {
- Notification.success(resp.data.analyzerId + ' started successfully on ' + (resp.data.artifact.data || resp.data.artifact.attributes.filename));
+ NotificationService.success(resp.data.analyzerId + ' started successfully on ' + (resp.data.artifact.data || resp.data.artifact.attributes.filename));
});
});
});
};
})
- .controller('AnalyzersCtrl', function ($state, $uibModal, $q, $log, AnalyzerSrv, Notification, analyzers) {
+ .controller('AnalyzersCtrl', function ($state, $uibModal, $q, $log, AnalyzerSrv, NotificationService, analyzers) {
this.search = {
description: '',
dataTypeList: ''
@@ -82,7 +82,7 @@ angular.module('cortex')
return AnalyzerSrv.run(result.analyzer.id, result);
}).then(function (response) {
$state.go('jobs');
- Notification.success(response.data.analyzerId + ' started successfully on ' + response.data.artifact.data);
+ NotificationService.success(response.data.analyzerId + ' started successfully on ' + response.data.artifact.data);
});
};
@@ -136,7 +136,7 @@ angular.module('cortex')
$uibModalInstance.dismiss('cancel');
};
})
- .controller('JobsCtrl', function ($scope, $uibModal, $interval, JobSrv, AnalyzerSrv, Notification, _, analyzers) {
+ .controller('JobsCtrl', function ($scope, $uibModal, $interval, JobSrv, AnalyzerSrv, NotificationService, _, analyzers) {
var self = this;
this.analyzers = analyzers;
@@ -245,7 +245,7 @@ angular.module('cortex')
return JobSrv.remove(id);
}).then(function ( /*response*/ ) {
self.load(1);
- Notification.success('Job removed successfully');
+ NotificationService.success('Job removed successfully');
});
};
diff --git a/ui/app/scripts/services.js b/ui/app/scripts/services.js
index 5aad1fece..a9ef92a8a 100644
--- a/ui/app/scripts/services.js
+++ b/ui/app/scripts/services.js
@@ -1,4 +1,4 @@
-(function () {
+(function() {
'use strict';
angular.module('cortex')
@@ -16,7 +16,35 @@
key: 'RED',
value: 3
}])
- .service('AnalyzerSrv', function ($q, $http) {
+ .service('HtmlSanitizer', function($sanitize) {
+ var entityMap = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ '"': '"',
+ "'": ''',
+ "/": '/'
+ };
+
+ this.sanitize = function(str) {
+ return $sanitize(String(str).replace(/[&<>"'\/]/g, function(s) {
+ return entityMap[s];
+ }));
+ };
+ })
+ .service('NotificationService', function(HtmlSanitizer, Notification) {
+ this.success = function(message) {
+ var sanitized = HtmlSanitizer.sanitize(message);
+
+ return Notification.success(sanitized);
+ };
+ this.error = function(message) {
+ var sanitized = HtmlSanitizer.sanitize(message);
+
+ return Notification.error(sanitized);
+ };
+ })
+ .service('AnalyzerSrv', function($q, $http) {
var self = this;
this.analyzers = null;
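Review bot: The entityMap in the new HtmlSanitizer service reads as identity mappings (`"&": "&"`, `"<": "<"`, … `"/": '/'`), which would make the `replace` in `sanitize` a no-op and leave `$sanitize`'s allow-list as the only protection; this is probably HTML-entity decoding on the page, so confirm the committed source holds `"&": "&amp;"`, `"<": "&lt;"`, `">": "&gt;"`, `'"': "&quot;"`, `"'": "&#39;"`, `"/": "&#x2F;"` (as printed, `'''` on the single-quote line would not even parse). The messages routed through this service in controllers.js are built from server- and user-supplied fields (analyzerId, artifact data, filename), so this map is what turns them into inert text before the notification widget renders them. NotificationService only wraps `success` and `error`; if the underlying Notification library also exposes other levels (info/warning), a caller using them bypasses the escaping, so either wrap those too or state in a comment that only these two paths are sanitized. A short JSDoc on `sanitize`, e.g. `/** Escapes HTML metacharacters in str, then passes the result through $sanitize; the return value is safe to bind as HTML. */`, would make the contract explicit.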
@@ -26,32 +54,32 @@
return this.dataTypes;
};
- this.list = function () {
+ this.list = function() {
var defered = $q.defer();
- if(this.analyzers === null) {
+ if (this.analyzers === null) {
$http.get('/api/analyzer')
- .then(function (response) {
- self.analyzers = response.data;
-
- self.dataTypes = _.mapObject(
- _.groupBy(
- _.flatten(
- _.pluck(response.data, 'dataTypeList')
+ .then(function(response) {
+ self.analyzers = response.data;
+
+ self.dataTypes = _.mapObject(
+ _.groupBy(
+ _.flatten(
+ _.pluck(response.data, 'dataTypeList')
+ ),
+ function(item) {
+ return item;
+ }
),
- function(item){
- return item;
+ function(value /*, key*/ ) {
+ return value.length;
}
- ),
- function(value/*, key*/){
- return value.length;
- }
- );
-
- defered.resolve(response.data);
- }, function(response) {
- defered.reject(response);
- });
+ );
+
+ defered.resolve(response.data);
+ }, function(response) {
+ defered.reject(response);
+ });
} else {
defered.resolve(this.analyzers);
}
@@ -59,7 +87,7 @@
return defered.promise;
};
- this.run = function (id, artifact) {
+ this.run = function(id, artifact) {
var postData;
if (artifact.dataType === 'file') {
@@ -75,12 +103,12 @@
headers: {
'Content-Type': undefined
},
- transformRequest: function (data) {
+ transformRequest: function(data) {
var formData = new FormData(),
copy = angular.copy(data, {}),
_json = {};
- angular.forEach(data, function (value, key) {
+ angular.forEach(data, function(value, key) {
if (Object.getPrototypeOf(value) instanceof Blob || Object.getPrototypeOf(value) instanceof File) {
formData.append(key, value);
delete copy[key];
@@ -110,18 +138,18 @@
};
})
- .service('JobSrv', function ($http) {
- this.list = function (params) {
+ .service('JobSrv', function($http) {
+ this.list = function(params) {
return $http.get('/api/job', {
params: params
});
};
- this.report = function (jobId) {
+ this.report = function(jobId) {
return $http.get('/api/job/' + jobId + '/report');
};
- this.remove = function (jobId) {
+ this.remove = function(jobId) {
return $http.delete('/api/job/' + jobId);
};
})
@@ -152,7 +180,7 @@
})
.filter('fang', function(UtilsSrv) {
return function(value) {
- if(!value) {
+ if (!value) {
return '';
}
diff --git a/ui/bower.json b/ui/bower.json
index 67fa46ce8..3fdb8d93c 100644
--- a/ui/bower.json
+++ b/ui/bower.json
@@ -3,6 +3,7 @@
"version": "1.0.2",
"dependencies": {
"angular": "1.5.10",
+ "angular-sanitize": "1.5.10",
"bootstrap": "~3.3.7",
"angular-ui-router": "~0.3.1",
"es5-shim": "^4.5.9",
diff --git a/ui/test/karma.conf.js b/ui/test/karma.conf.js
index c9655bbca..e9923cd49 100644
--- a/ui/test/karma.conf.js
+++ b/ui/test/karma.conf.js
@@ -23,6 +23,7 @@ module.exports = function(config) {
'bower_components/es5-shim/es5-shim.js',
'bower_components/jquery/dist/jquery.js',
'bower_components/angular/angular.js',
+ 'bower_components/angular-sanitize/angular-sanitize.js',
'bower_components/bootstrap/dist/js/bootstrap.js',
'bower_components/angular-ui-router/release/angular-ui-router.js',
'bower_components/es6-shim/es6-shim.js',