diff --git a/web/src/endpoints/clothing/mod.rs b/web/src/endpoints/clothing/mod.rs
index df3152ed..d0815778 100644
--- a/web/src/endpoints/clothing/mod.rs
+++ b/web/src/endpoints/clothing/mod.rs
@@ -28,14 +28,6 @@ struct ReadClothingPartialTemplate {
 #[derive(Deserialize, Validate)]
 struct NewOrEditClothingForm {
- #[garde(length(min=3), custom(alphanumeric_or_space))]
+ #[garde(length(min=3))]
 name: String,
 }
-
-fn alphanumeric_or_space(value: &str, _context: &()) -> garde::Result {
- if value.chars().all(|c| c.is_alphanumeric() || c == ' ') {
- return Ok(())
- } else {
- return Err(garde::Error::new("Eingabe enthält unerlaubte Zeichen. Erlaubt sind Buchstaben, Zahlen und Leerzeichen."));
- }
-}
diff --git a/web/src/filters.rs b/web/src/filters.rs
index 15b60b0b..7cb91330 100644
--- a/web/src/filters.rs
+++ b/web/src/filters.rs
@@ -29,7 +29,8 @@ where
 T: Display,
 {
 if let Some(val) = option {
- let s = format!(r#"value="{val}""#);
+ let escaped = escape_html(val.to_string());
+ let s = format!(r#"value="{escaped}""#);
 return Ok(s);
 }
@@ -94,3 +95,14 @@ pub fn fmt_time(v: &NaiveTime, format: DateTimeFormat) -> askama::Result
 Ok(v.format(format_string).to_string())
 }
+
+fn escape_html(string: String) -> String {
+ let s = string .replace('&', "&") .replace('<', "<") .replace('>', ">") .replace('"', """) .replace('\'', "'");
+ s
+}
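Review bot: With `custom(alphanumeric_or_space)` removed, `name` on `NewOrEditClothingForm` is checked only by `length(min=3)`, so the form now accepts names of unbounded length and any character set; if the old rule also served as a size limit, an upper bound such as `#[garde(length(min=3, max=100))]` (limit constructed for illustration) is still worth keeping. Moving from input filtering to output escaping is the right way to deal with markup in names, but it only holds for values rendered through an escaping path — any template that prints `name` with `|safe`, or any other filter that builds raw HTML, has to escape it itself, and this commit does so for a single filter. The deleted garde message was the only user-facing statement of the allowed characters; if dropping the restriction is intentional, a one-line comment on the field such as `// no character restriction: the value is HTML-escaped where it is rendered` would keep the next maintainer from re-adding it.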
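Review bot: `escape_html(val.to_string())` builds an HTML attribute fragment inside the filter, which is only correct if the filter's result is inserted into the template unescaped (`|safe` or a safe-markup return type); if Askama's autoescaping still applies to it, the entities and the surrounding `value="…"` quotes are escaped a second time. The enclosing filter starts above the hunk, so its return type and how templates consume it are not visible here — worth confirming. A short comment on the new line, `// result is rendered as raw attribute markup, so escape the value here`, would record that contract for readers of the filter. Since the crate already depends on askama, its own `escape` filter could replace the hand-rolled helper and stay in sync with the template engine's rules.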
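Review bot: As rendered on this page, every replacement in `escape_html` maps a character to itself (`.replace('&', "&")`, and `.replace('"', """)` would not even parse), which looks like the page decoding the `&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;` entity references in the source; it is worth confirming the committed text still contains the entity strings, because identity replacements would turn the new escaping into a no-op that appears to work. Replacing `&` first is the correct order, so the chain itself is fine. Stylistically the function takes `String` by value and binds the chain to `s` only to return it; `fn escape_html(s: &str) -> String` with the `.replace` chain as the tail expression, called as `escape_html(&val.to_string())`, removes the redundant binding and lets callers that already hold a `&str` avoid an allocation.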