diff --git a/lib/cheat_wrapper.py b/lib/cheat_wrapper.py
index 49f5d9c..e2c20af 100644
--- a/lib/cheat_wrapper.py
+++ b/lib/cheat_wrapper.py
@@ -265,6 +265,9 @@ def _visualize(query, keyword, answers, request_options, html=None): # pylint: d
 return result, found
+def _sanitize_query(query):
+ return re.sub('[<>"]', '', query)
+
 def cheat_wrapper(query, request_options=None, html=False):
 """
 Giant megafunction that delivers cheat sheet for `query`.
@@ -297,6 +300,8 @@ def cheat_wrapper(query, request_options=None, html=False):
 return topic, keyword, search_options
+ query = _sanitize_query(query)
+
 # at the moment, we just remove trailing slashes
 # so queries python/ and python are equal
 query = _strip_hyperlink(query.rstrip('/'))
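Review bot: `_sanitize_query` is a denylist of three characters, so `'` and `&` still pass through; whether that matters depends on where the query is later written into HTML, which this hunk does not show. Context-aware escaping at the point of output, e.g. `html.escape(query, quote=True)`, is the more durable fix and leaves the original query intact for lookup. Because `html` is a parameter name in both `_visualize` and `cheat_wrapper`, the stdlib function would have to be imported under another name there. The helper also has no docstring; something like `"""Remove <, > and " from query; defence in depth, not a replacement for output escaping."""` would record the intent.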
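Review bot: The `_sanitize_query` call in `cheat_wrapper` runs on every request, not only when `html` is true, so plain-text clients also lose `<`, `>` and `"` from their queries, which may change results for topics that legitimately contain those characters. It also runs before `_strip_hyperlink` and whatever normalisation follows; if any later step decodes or rewrites `query` (not visible here), the stripped characters could reappear after the filter. If the HTML path is the only one that reflects the query into markup, consider `if html: query = _sanitize_query(query)` placed after the last transformation of `query`, or escape at render time instead. `cheat_wrapper` starts and continues outside this hunk.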