diff --git a/src/static/js/chat.js b/src/static/js/chat.js
index 42800a83c..1d16e75bf 100755
--- a/src/static/js/chat.js
+++ b/src/static/js/chat.js
@@ -194,7 +194,7 @@ exports.chat = (() => {
 .append($('').addClass('author-name').text(ctx.authorName))
 // ctx.text was HTML-escaped before calling the hook. Hook functions are trusted
 // to not introduce an XSS vulnerability by adding unescaped user input.
- .append(ctx.text),
+ .append($('').html(ctx.text).contents()),
 sticky: ctx.sticky,
 time: 5000,
 position: 'bottom',
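Review bot: The added `.html(ctx.text).contents()` call is an explicit HTML parse of `ctx.text`, and building the nodes in a detached wrapper element gives no isolation. The safety of this notification therefore still rests entirely on the escaping done before the hook and on every hook function keeping its additions escaped. The existing two-line comment says hooks are trusted but does not mark this line as the sink; I would add `// .html() parses ctx.text as markup: anything a hook appended unescaped is rendered here.` directly above it. If plugin hooks are not meant to be fully trusted, passing the post-hook value through an HTML sanitizer before this call would be the safer design, though whether one is available in this file is not visible here. The enclosing function begins and ends outside the hunk.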