diff --git a/services/web/app/coffee/Features/Subscription/SubscriptionViewModelBuilder.coffee b/services/web/app/coffee/Features/Subscription/SubscriptionViewModelBuilder.coffee
index d08cfa5c16..62b516d4f1 100644
--- a/services/web/app/coffee/Features/Subscription/SubscriptionViewModelBuilder.coffee
+++ b/services/web/app/coffee/Features/Subscription/SubscriptionViewModelBuilder.coffee
@@ -7,6 +7,7 @@ SubscriptionLocator = require("./SubscriptionLocator")
 V1SubscriptionManager = require("./V1SubscriptionManager")
 InstitutionsGetter = require("../Institutions/InstitutionsGetter")
 PublishersGetter = require("../Publishers/PublishersGetter")
+sanitizeHtml = require 'sanitize-html'
 logger = require('logger-sharelatex')
 _ = require("underscore")
 async = require('async')
@@ -94,6 +95,9 @@ module.exports =
 trial_ends_at: recurlySubscription.trial_ends_at
 }
 
+ for memberGroupSubscription in memberGroupSubscriptions
+ memberGroupSubscription.teamNotice = sanitizeHtml(memberGroupSubscription.teamNotice)
+
 callback null, {
 personalSubscription,
 managedGroupSubscriptions,
diff --git a/services/web/app/views/subscriptions/dashboard/_group_memberships.pug b/services/web/app/views/subscriptions/dashboard/_group_memberships.pug
index d8d468c79a..b49d6a9729 100644
--- a/services/web/app/views/subscriptions/dashboard/_group_memberships.pug
+++ b/services/web/app/views/subscriptions/dashboard/_group_memberships.pug
@@ -8,7 +8,8 @@ div(ng-controller="GroupMembershipController")
 +teamName(groupSubscription)
 - if (groupSubscription.teamNotice && groupSubscription.teamNotice != '')
 p
- em= groupSubscription.teamNotice
+ //- Team notice is sanitized in SubscriptionViewModelBuilder
+ em !{groupSubscription.teamNotice}
 span
 button.btn.btn-danger.text-capitalise(ng-click="removeSelfFromGroup('"+groupSubscription.admin_id._id+"')") #{translate("leave_group")}
 hr
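Review bot: The new `sanitizeHtml(memberGroupSubscription.teamNotice)` call in the loop uses the library's default allowlist, so which tags and attributes survive (links with `href`, for example) is decided by whichever `sanitize-html` version is installed rather than by anything this file states, and a dependency upgrade can silently widen what reaches the unescaped template. Pass an explicit policy instead, e.g. `memberGroupSubscription.teamNotice = sanitizeHtml(memberGroupSubscription.teamNotice, allowedTags: ['b', 'i', 'em', 'strong', 'a', 'br'], allowedAttributes: { a: ['href'] }, allowedSchemes: ['http', 'https', 'mailto'])`. The loop also overwrites `teamNotice` on the objects in `memberGroupSubscriptions` in place; where that array is built and whether those objects are later persisted is outside the hunk, so a guard such as `if memberGroupSubscription.teamNotice?` before the assignment, plus a comment saying only the view copy is meant to change, would avoid both depending on the library's handling of undefined and accidentally writing the sanitized value back. The enclosing function under `module.exports` starts and ends outside the hunk.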
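Review bot: `em !{groupSubscription.teamNotice}` now renders an admin-supplied field unescaped on the strength of a comment, so any other route or view that builds `groupSubscription` without passing through SubscriptionViewModelBuilder, or a later refactor that drops that sanitization, turns the notice into stored XSS for every group member. Rendering a property that only the sanitizing code sets, e.g. `em !{groupSubscription.teamNoticeHtml}`, makes the contract visible in the template and leaves the raw `teamNotice` escaped by default wherever else it is printed; the builder would then assign `teamNoticeHtml` rather than overwriting `teamNotice`. The `- if` guard two lines above still tests `teamNotice` and would need to test the same sanitized property. Whether the default allowlist permits anything beyond inline formatting and links depends on the pinned `sanitize-html` version, which this hunk cannot show.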