HTML injection prevention

[lizconlan]

Where the term is repeated on the page, it needs to be propery escaped to prevent HTML/Javascript from being embedded