diff --git a/assets/js/chat/Base.js b/assets/js/chat/Base.js
index b78183f..f264f01 100644
--- a/assets/js/chat/Base.js
+++ b/assets/js/chat/Base.js
@@ -1,7 +1,12 @@
+function escapeHtml(text) {
+ return text.replace(//g, ">");
+}
+
 function getUserName(){
 //check if current page is waiting room without function
 if (window.location.href.indexOf("waiting-room") > -1) {
 name = 'user';
+ name = escapeHtml(name);
 name = name.replace(/\[/g, '\\[').replace(/\]/g, '\\]');
 var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
 var results = regex.exec(location.search);
@@ -139,8 +144,4 @@ $(document).ready(function() {
 }
 });
 })
-});
-
-function escapeHtml(text) {
- return text.replace(//g, ">");
-}
\ No newline at end of file
+});
\ No newline at end of file
diff --git a/assets/js/chat/waiting_room.js b/assets/js/chat/waiting_room.js
index 3db4318..1f36e94 100644
--- a/assets/js/chat/waiting_room.js
+++ b/assets/js/chat/waiting_room.js
@@ -1,5 +1,10 @@
+function escapeHtml(text) {
+ return text.replace(//g, ">");
+}
+
 $(document).ready(function(){
 function getUrlParameter(name) {
+ name = escapeHtml(name);
 name = name.replace(/\[/g, '\\[').replace(/\]/g, '\\]');
 var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
 var results = regex.exec(location.search);
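Review bot: In getUserName in Base.js the added `name = escapeHtml(name);` runs on the constant `'user'`, which is the query-parameter name, so the value that `regex.exec` captures from `location.search` is still handed on unescaped. The same applies to the line added in getUrlParameter in waiting_room.js, where `name` is the caller-supplied key rather than the URL-controlled value. HTML escaping belongs on the value at the point it is written to the page, for example `escapeHtml(results[1])` where the match is consumed, or by inserting it with jQuery `.text()` rather than `.html()`. Both function bodies continue past their hunks, so how `results` is used is not visible here and should be checked.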
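Review bot: The `escapeHtml` added at the top of waiting_room.js is a second global copy of the helper that Base.js also defines, so if both scripts load on one page the later definition silently replaces the earlier one and the two can drift apart. Keep a single definition in a shared script and document its scope, e.g. `// Escapes text for HTML element content only; not safe for attribute, URL or script contexts.` The helper body as shown on this page looks truncated, but if it only rewrites angle brackets it should also handle `&`, `"` and `'` before its output is placed in attribute values. getUrlParameter continues outside the hunk.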