diff --git a/src/Repository/AddressRepository.php b/src/Repository/AddressRepository.php
index 01e501a..75bb186 100644
--- a/src/Repository/AddressRepository.php
+++ b/src/Repository/AddressRepository.php
@@ -38,7 +38,15 @@ class AddressRepository
             $statement->execute();
             $addresses = [];
             while ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
-                $address = new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
+                $address = new AddressBookEntry(
+                    owner: htmlspecialchars(string: $result['owner']),
+                    first: htmlspecialchars(string: $result['first']),
+                    last: htmlspecialchars(string: $result['last']),
+                    street: htmlspecialchars(string: $result['street']),
+                    zip: htmlspecialchars(string: $result['zip']),
+                    city: htmlspecialchars(string: $result['city']),
+                    phone: htmlspecialchars(string: $result['phone']),
+                    id: htmlspecialchars(string: $result['id']));
                 $addresses[] = $address;
             }
             return $addresses;
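Review bot: The `htmlspecialchars()` calls added to the constructor arguments (`owner:` through `id:`) encode for HTML inside the repository, so every `AddressBookEntry` now carries entity-encoded text instead of the stored value; the same block is repeated in the second hunk (`+68`). Any consumer that is not a plain HTML body, such as a form that writes the entry back, a JSON or CSV export, or a template that escapes again, will store or display `&amp;`-style artifacts, and the XSS protection covers only reads that go through these two methods. I would keep the raw column values here and escape at the point of rendering, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the view. Separately, `id: htmlspecialchars(string: $result['id'])` turns the key into a string, and a NULL or native-int column passed to the `string` parameter is deprecated since PHP 8.1 and a TypeError under `strict_types`; the column types and the file's `declare` line are not visible in this hunk, so this needs confirming. The enclosing method starts and ends outside the hunk.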
@@ -60,7 +68,15 @@ class AddressRepository
             $statement->bindParam(param: ':id', var: $id);
             $statement->execute();
             if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
-                return new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
+                return new AddressBookEntry(
+                    owner: htmlspecialchars(string: $result['owner']),
+                    first: htmlspecialchars(string: $result['first']),
+                    last: htmlspecialchars(string: $result['last']),
+                    street: htmlspecialchars(string: $result['street']),
+                    zip: htmlspecialchars(string: $result['zip']),
+                    city: htmlspecialchars(string: $result['city']),
+                    phone: htmlspecialchars(string: $result['phone']),
+                    id: htmlspecialchars(string: $result['id']));
             } else {
                 return null;
             }
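Review bot: The eight-argument `new AddressBookEntry(...)` mapping added here is a line-for-line copy of the one in the first hunk, so a later change to the column list or to the encoding decision has to be made in two places and can drift. A private helper such as `private function toEntry(array $row): AddressBookEntry` would hold the mapping once, leaving `return $this->toEntry($result);` here and `$addresses[] = $this->toEntry($result);` in the loop. The closing `));` on the `id:` line would also read better as a trailing comma followed by `);` on its own line. The method body starts outside the hunk.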