diff --git a/main.go b/main.go
index 34d2b0b..fd472a9 100644
--- a/main.go
+++ b/main.go
@@ -219,7 +219,7 @@ func (h *handler) ProcessPost(event *models.Event) error {
 handle, _ := h.bsky.GetHandleFromDID(strings.Split(ps.Embed.Record.Record.URI, "/")[2])
 captionText = fmt.Sprintf(
 quotePostFormat,
- facets,
+ escapeHTML(facets),
 strings.Split(ps.Embed.Record.Record.URI, "/")[2],
 strings.Split(ps.Embed.Record.Record.URI, "/")[4],
 handle,
@@ -230,7 +230,7 @@ func (h *handler) ProcessPost(event *models.Event) error {
 handle, _ := h.bsky.GetHandleFromDID(strings.Split(ps.Embed.Record.URI, "/")[2])
 captionText = fmt.Sprintf(
 quotePostFormat,
- facets,
+ escapeHTML(facets),
 strings.Split(ps.Embed.Record.URI, "/")[2],
 strings.Split(ps.Embed.Record.URI, "/")[4],
 handle,
@@ -246,7 +246,7 @@ func (h *handler) ProcessPost(event *models.Event) error {
 ownHandle = h.bsky.Bluesky.Cfg.Handle
 }
 if facets != "" {
- captionText = fmt.Sprintf(postFormat, facets, h.bsky.Bluesky.Cfg.DID, event.Commit.RKey, ownHandle)
+ captionText = fmt.Sprintf(postFormat, escapeHTML(facets), h.bsky.Bluesky.Cfg.DID, event.Commit.RKey, ownHandle)
 } else {
 captionText = fmt.Sprintf("🦋 @%s", h.bsky.Bluesky.Cfg.DID, event.Commit.RKey, ownHandle)
 }
@@ -328,7 +328,7 @@ func (h *handler) ProcessPost(event *models.Event) error {
 } else {
 m := tgbotapi.MessageConfig{}
 if captionText == "" {
- m = tgbotapi.NewMessage(cid, fmt.Sprintf(postFormat, facets, h.bsky.Bluesky.Cfg.DID, event.Commit.RKey, h.bsky.Bluesky.Cfg.Handle))
+ m = tgbotapi.NewMessage(cid, fmt.Sprintf(postFormat, escapeHTML(facets), h.bsky.Bluesky.Cfg.DID, event.Commit.RKey, h.bsky.Bluesky.Cfg.Handle))
 } else {
 m = tgbotapi.NewMessage(cid, captionText)
 }
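Review bot: In the two quote-post branches (first and second hunks) only `facets` is escaped; `handle`, resolved from the quoted record's DID with its error discarded (`handle, _ :=`), and the two `strings.Split(...)[2]` / `[4]` URI segments still reach `quotePostFormat` as-is. These values come from another account's record rather than from the bot's own config, so if the message is sent in HTML parse mode (not visible in these hunks) the link text deserves the same treatment, `escapeHTML(handle),`. The split result should also be length-checked before indexing, since a URI with fewer than five segments would panic at `[4]`. The format string and the rest of ProcessPost are outside the hunks, so whether the segments land in an attribute or in text cannot be confirmed from this page.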
@@ -360,6 +360,16 @@ func (h *handler) ProcessPost(event *models.Event) error {
 return nil
 }

+func escapeHTML(text string) string {
+ // Escape HTML special characters so they display literally
+ replacements := strings.NewReplacer(
+ "&", "&",
+ "<", "<",
+ ">", ">",
+ )
+ return replacements.Replace(text)
+}
+
 func buildBlobURL(server string, did string, cid string) string {
 return server + "/xrpc/com.atproto.sync.getBlob?did=" + url.QueryEscape(did) + "&cid=" + cid
 }
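Review bot: escapeHTML has no statement of its contract, and the call sites depend on one: it is only correct on plain text that has not had markup added yet. If `facets` is assembled elsewhere with link tags generated from the post's rich-text facets (not visible here), the four `escapeHTML(facets)` calls will turn those tags into literal text, and the escaping would have to move to where the raw post text is first read. As rendered on this page the three replacement pairs look identical on both sides, most likely because the page decoded the entities; the file should map `&` to `&amp;`, `<` to `&lt;` and `>` to `&gt;`. A doc comment such as `// escapeHTML escapes &, < and > in plain text for HTML-mode messages; do not apply it to text that already contains intended tags.` would record that, and the replacer can be built once as a package-level `var htmlEscaper = strings.NewReplacer(...)` instead of on every call.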