diff --git a/src/CmsSearchComponent.php b/src/CmsSearchComponent.php
index b5b4c31..239ebfe 100644
--- a/src/CmsSearchComponent.php
+++ b/src/CmsSearchComponent.php
@@ -142,6 +142,8 @@ public function getSearchQuery()
         if (!$query = (string)\Yii::$app->request->get($this->searchQueryParamName)) {
             $query = (string)\Yii::$app->request->post($this->searchQueryParamName);
         }
+        $query = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
+
         return $query;
     }
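Review bot: Applying htmlspecialchars() inside getSearchQuery() (the first added line) escapes at the input boundary instead of at output, so every consumer of this method now receives an HTML-encoded value: a search for `O'Reilly` or `a & b` is executed against the backend as `O&#039;Reilly` / `a &amp; b`, and any view that already escapes with `Html::encode()` will double-encode it. It also gives no protection in non-HTML sinks (SQL, JavaScript, URL), and without ENT_SUBSTITUTE a request carrying invalid UTF-8 makes htmlspecialchars() return an empty string, silently replacing the query with '' rather than rejecting it. I would keep this method returning the raw string — drop the added line so the body ends with `return $query;` — and escape per context at the sink (`Html::encode($query)` in the view, bound parameters in the query builder). If encoding here is deliberate, at minimum use `htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and add a docblock stating that the return value is already HTML-escaped so callers do not escape it again. The signature of getSearchQuery() lies outside the hunk (visible only in the @@ header), so I cannot see whether such a docblock already exists.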