diff --git a/services/web/app/coffee/Features/Helpers/StringHelper.coffee b/services/web/app/coffee/Features/Helpers/StringHelper.coffee
new file mode 100644
index 0000000000..f13c5afa3a
--- /dev/null
+++ b/services/web/app/coffee/Features/Helpers/StringHelper.coffee
@@ -0,0 +1,18 @@
+JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/g
+
+JSON_ESCAPE =
+ '&': '\\u0026'
+ '>': '\\u003e'
+ '<': '\\u003c'
+ '\u2028': '\\u2028'
+ '\u2029': '\\u2029'
+
+module.exports = StringHelper =
+ # stringifies and escapes a json object for use in a script. This ensures that &, < and > characters are escaped,
+ # along with quotes. This ensures that the string can be safely rendered into HTML. See rationale at:
+ # https://api.rubyonrails.org/classes/ERB/Util.html#method-c-json_escape
+ # and implementation lifted from:
+ # https://github.com/ember-fastboot/fastboot/blob/cafd96c48564d8384eb83dc908303dba8ece10fd/src/ember-app.js#L496-L510
+ stringifyJsonForScript: (object) ->
+ return JSON.stringify(object).replace JSON_ESCAPE_REGEXP, (match) ->
+ return JSON_ESCAPE[match]
diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index 2eb51b9bf8..2a82b9ed34 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@@ -226,6 +226,10 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
 return email
 next()
 
+ webRouter.use (req, res, next) ->
+ res.locals.StringHelper = require('../Features/Helpers/StringHelper')
+ next()
+
 webRouter.use (req, res, next)->
 res.locals.formatProjectPublicAccessLevel = (privilegeLevel)->
 formatedPrivileges = private:"Private", readOnly:"Public: Read Only", readAndWrite:"Public: Read and Write"
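Review bot: The header comment on `stringifyJsonForScript` claims quotes are escaped "along with" &, < and >, but neither `JSON_ESCAPE_REGEXP` nor `JSON_ESCAPE` handles `"` or `'`, and `JSON.stringify` leaves the string-delimiting double quotes in place, so the output is only safe as the body of a `<script>` element (where `</` can no longer appear), not inside an HTML attribute value; the linked Rails `json_escape` documentation states the same restriction. I would reword the comment to say the result is safe to interpolate unescaped into a `<script>` block only, and must still be HTML-attribute-escaped if placed in an attribute. Separately, `JSON.stringify(undefined)` (and a function or symbol argument) returns `undefined`, so the `.replace` call throws a TypeError for an absent value; if callers may pass an optional local, a guard such as `json = JSON.stringify(object) ? 'null'` before the `.replace` would make that explicit rather than a crash.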
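Review bot: The new middleware calls `require('../Features/Helpers/StringHelper')` on every request; the module cache makes this cheap, but it hides the dependency from the top of the file and differs from how the surrounding locals are wired. I would hoist it to module scope, `StringHelper = require('../Features/Helpers/StringHelper')`, and assign `res.locals.StringHelper = StringHelper` in the middleware. The enclosing `module.exports = (app, webRouter, ...)` function starts and ends outside the hunk, so the exact placement of the top-level require is not visible here. Minor style point: the added line uses `(req, res, next) ->` with a space where the neighbouring middleware uses `(req, res, next)->`.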