diff --git a/public/views/landing.html b/public/views/landing.html
index 2ca58e4a..5af93469 100644
--- a/public/views/landing.html
+++ b/public/views/landing.html
@@ -51,6 +51,10 @@
 
         <script src="https://unpkg.com/animejs@3.0.1/lib/anime.min.js"></script>
         <script src="https://unpkg.com/scrollreveal@4.0.0/dist/scrollreveal.min.js"></script>
+
+        <!-- xss -->
+
+        <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
     </head>
     <body class="is-boxed has-animations">
         <div class="body-wrap">
@@ -138,7 +142,7 @@
                                                 }
                                             };
                                             function joinRoom() {
-                                                let roomName = document.getElementById('roomName').value;
+                                                let roomName = filterXSS(document.getElementById('roomName').value);
                                                 window.location.href = '/join/' + roomName;
                                             }
                                         </script>
diff --git a/public/views/newroom.html b/public/views/newroom.html
index bc3e5316..2abc1ceb 100755
--- a/public/views/newroom.html
+++ b/public/views/newroom.html
@@ -51,6 +51,10 @@
 
         <script src="https://unpkg.com/animejs@3.0.1/lib/anime.min.js"></script>
         <script src="https://unpkg.com/scrollreveal@4.0.0/dist/scrollreveal.min.js"></script>
+
+        <!-- xss -->
+
+        <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
     </head>
     <body class="is-boxed has-animations">
         <div class="body-wrap">
@@ -137,7 +141,7 @@
                                                 }
                                             };
                                             function joinRoom() {
-                                                let roomName = document.getElementById('roomName').value;
+                                                let roomName = filterXSS(document.getElementById('roomName').value);
                                                 window.location.href = '/join/' + roomName;
                                             }
                                         </script>