diff --git a/lib/banzai/filter/milestone_reference_filter.rb b/lib/banzai/filter/milestone_reference_filter.rb
index 556087c488077176aa42c931f8871d0ffd3b5856..aea1abf3b8ed8a1ac409047d17ac6f5204527df1 100644
--- a/lib/banzai/filter/milestone_reference_filter.rb
+++ b/lib/banzai/filter/milestone_reference_filter.rb
@@ -39,7 +39,7 @@ module Banzai
         if context[:project] == object.project
           super
         else
-          "#{super} <i>in #{escape_once(object.project.name_with_namespace)}</i>".
+          "#{escape_once(super)} <i>in #{escape_once(object.project.name_with_namespace)}</i>".
             html_safe
         end
       end
diff --git a/spec/lib/banzai/filter/milestone_reference_filter_spec.rb b/spec/lib/banzai/filter/milestone_reference_filter_spec.rb
index 26f87286b2c94ffaa7c5a6bb94532a3a8ab65184..ac3e6e4e536ec854d9ad6c997b33f758acae284e 100644
--- a/spec/lib/banzai/filter/milestone_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/milestone_reference_filter_spec.rb
@@ -176,5 +176,11 @@ describe Banzai::Filter::MilestoneReferenceFilter, lib: true do
     it 'contains cross project content' do
       expect(result.css('a').first.text).to eq "#{milestone.name} in #{project_name}"
     end
+
+    it 'escapes the name attribute' do
+      allow_any_instance_of(Milestone).to receive(:title).and_return(%{"></a>whatever<a title="})
+      doc = reference_filter("See #{reference}")
+      expect(doc.css('a').first.text).to eq "#{milestone.name} in #{project_name}"
+    end
   end
 end