diff --git a/index.js b/index.js
index 70749f4..2b5de75 100644
--- a/index.js
+++ b/index.js
@@ -53,7 +53,7 @@ function verifyToken(token) {
 	return split[0];
 }
 function sanitiseStringHTML(str) {
-	return str.replaceAll(">", "&gt;").replaceAll("<", "&lt;");
+	return str.replaceAll("&", "&amp;").replaceAll(">", "&gt;").replaceAll("<", "&lt;");
 }
 
 app.use(express.urlencoded());