diff --git a/packages/rocketchat-message-snippet/client/messageType.js b/packages/rocketchat-message-snippet/client/messageType.js
index f6fa6da3399f..c1f1573a3d78 100644
--- a/packages/rocketchat-message-snippet/client/messageType.js
+++ b/packages/rocketchat-message-snippet/client/messageType.js
@@ -4,7 +4,7 @@ Meteor.startup(function() {
 		system: true,
 		message: 'Snippeted_a_message',
 		data(message) {
-			const snippetLink = `<a href="/snippet/${ message.snippetId }/${ message.snippetName }">${ message.snippetName }</a>`;
+			const snippetLink = `<a href="/snippet/${ message.snippetId }/${ encodeURIComponent(message.snippetName) }">${ _.escapeHTML(message.snippetName) }</a>`;
 			return { snippetLink };
 		}
 	});
diff --git a/packages/rocketchat-message-snippet/client/tabBar/views/snippetMessage.js b/packages/rocketchat-message-snippet/client/tabBar/views/snippetMessage.js
index 2f4d0967e5ed..323c71c91ff7 100644
--- a/packages/rocketchat-message-snippet/client/tabBar/views/snippetMessage.js
+++ b/packages/rocketchat-message-snippet/client/tabBar/views/snippetMessage.js
@@ -13,6 +13,6 @@ Template.snippetMessage.helpers({
 		}
 	},
 	body() {
-		return `<a href="/snippet/${ this._id }/${ this.snippetName }">${ this.snippetName }</a>`;
+		return `<a href="/snippet/${ this._id }/${ encodeURIComponent(this.snippetName) }">${ _.escapeHTML(this.snippetName) }</a>`;
 	}
 });