diff --git a/src/main/java/kim/redbow/web/blog/Util.java b/src/main/java/kim/redbow/web/blog/Util.java
index de90a72..abc129a 100644
--- a/src/main/java/kim/redbow/web/blog/Util.java
+++ b/src/main/java/kim/redbow/web/blog/Util.java
@@ -124,4 +124,18 @@
     {
         return (new SimpleDateFormat(DATE_TIME_FMT)).format(tstmp);
     }
+
+    /**
+     * Escape special HTML characters.
+     *
+     * @param str input string
+     */
+    public static String escapeHTML(String str)
+    {
+        return str.replaceAll("&", "&amp;")
+            .replaceAll("\"", "&quot;")
+            .replaceAll("\'", "&apos;")
+            .replaceAll("<", "&lt;")
+            .replaceAll(">", "&gt;");
+    }
 }
diff --git a/src/main/webapp/manage/editpost.jsp b/src/main/webapp/manage/editpost.jsp
index 81aa0ce..d451b31 100644
--- a/src/main/webapp/manage/editpost.jsp
+++ b/src/main/webapp/manage/editpost.jsp
@@ -73,7 +73,7 @@
                             <td>
                                 <input type="text" name="title" id="title"
                                     value="<%= edit && post.title != null ? 
-                                               post.title : "" %>" />
+                                        Util.escapeHTML(post.title) : "" %>" />
                             </td>
                         </tr>
                         <tr>
