diff --git a/js/lib/__tests__/escape.test.js b/js/lib/__tests__/escape.test.js
new file mode 100644
index 00000000..9dc2d5fe
--- /dev/null
+++ b/js/lib/__tests__/escape.test.js
@@ -0,0 +1,21 @@
+import escape from '../escape'
+describe('escape', () => {
+  const htmlEscapes = {
+    '&': '&',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#x27;',
+    '/': '&#x2F;',
+  }
+  it('should escape each character', () => {
+    for (let [char, escapedChar] of Object.entries(htmlEscapes)) {
+      expect(escape(char)).toBe(escapedChar)
+    }
+  })
+  it('should escape multiple characters', () => {
+    expect(escape('& and < and > and " and \' and /')).toBe(
+      '&amp; and &lt; and &gt; and &quot; and &#x27; and &#x2F;'
+    )
+  })
+})
diff --git a/js/lib/escape.js b/js/lib/escape.js
new file mode 100644
index 00000000..b72103c4
--- /dev/null
+++ b/js/lib/escape.js
@@ -0,0 +1,20 @@
+// https://stackoverflow.com/a/6020820
+
+// List of HTML entities for escaping.
+const htmlEscapes = {
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#x27;',
+  '/': '&#x2F;',
+}
+
+const htmlEscaper = /[&<>"'\/]/g
+
+// Escape a string for HTML interpolation.
+const escape = string => {
+  return ('' + string).replace(htmlEscaper, match => htmlEscapes[match])
+}
+
+export default escape