diff --git a/app/main/request.ts b/app/main/request.ts
index 7931d715..f6254855 100644
--- a/app/main/request.ts
+++ b/app/main/request.ts
@@ -4,7 +4,6 @@ import path from 'path';
 import stream from 'stream';
 import util from 'util';
 
-import escape from 'escape-html';
 import getStream from 'get-stream';
 
 import {ServerConf} from '../renderer/js/utils/domain-util';
@@ -73,7 +72,7 @@ export const _getServerSettings = async (domain: string, session: Electron.sessi
 		// Following check handles both the cases
 		icon: realm_icon.startsWith('/') ? realm_uri + realm_icon : realm_icon,
 		url: realm_uri,
-		alias: escape(realm_name)
+		alias: realm_name
 	};
 };
 
diff --git a/app/renderer/about.html b/app/renderer/about.html
index eae9d709..b0324ef6 100644
--- a/app/renderer/about.html
+++ b/app/renderer/about.html
@@ -26,7 +26,7 @@
 
             const { app } = require('electron').remote;
             const version_tag = document.querySelector('#version');
-            version_tag.innerHTML = 'v' + app.getVersion();
+            version_tag.textContent = 'v' + app.getVersion();
         </script>
         <script>require('./js/shared/preventdrag.js')</script>
     </body>
diff --git a/app/renderer/js/components/base.ts b/app/renderer/js/components/base.ts
index abe796e0..bdb7475c 100644
--- a/app/renderer/js/components/base.ts
+++ b/app/renderer/js/components/base.ts
@@ -1,7 +1,7 @@
 export default class BaseComponent {
-	generateNodeFromTemplate(template: string): Element | null {
+	generateNodeFromHTML(html: string): Element | null {
 		const wrapper = document.createElement('div');
-		wrapper.innerHTML = template;
+		wrapper.innerHTML = html;
 		return wrapper.firstElementChild;
 	}
 }
diff --git a/app/renderer/js/components/functional-tab.ts b/app/renderer/js/components/functional-tab.ts
index 5b507ec5..1e4465d1 100644
--- a/app/renderer/js/components/functional-tab.ts
+++ b/app/renderer/js/components/functional-tab.ts
@@ -1,3 +1,5 @@
+import {htmlEscape} from 'escape-goat';
+
 import Tab, {TabProps} from './tab';
 
 export default class FunctionalTab extends Tab {
@@ -8,19 +10,21 @@ export default class FunctionalTab extends Tab {
 		this.init();
 	}
 
-	template(): string {
-		return `<div class="tab functional-tab" data-tab-id="${this.props.tabIndex}">
-					<div class="server-tab-badge close-button">
-						<i class="material-icons">close</i>
-					</div>
-					<div class="server-tab">
-						<i class="material-icons">${this.props.materialIcon}</i>
-					</div>
-				</div>`;
+	templateHTML(): string {
+		return htmlEscape`
+			<div class="tab functional-tab" data-tab-id="${this.props.tabIndex}">
+				<div class="server-tab-badge close-button">
+					<i class="material-icons">close</i>
+				</div>
+				<div class="server-tab">
+					<i class="material-icons">${this.props.materialIcon}</i>
+				</div>
+			</div>
+		`;
 	}
 
 	init(): void {
-		this.$el = this.generateNodeFromTemplate(this.template());
+		this.$el = this.generateNodeFromHTML(this.templateHTML());
 		if (this.props.name !== 'Settings') {
 			this.props.$root.append(this.$el);
 			this.$closeButton = this.$el.querySelectorAll('.server-tab-badge')[0];
diff --git a/app/renderer/js/components/server-tab.ts b/app/renderer/js/components/server-tab.ts
index 786f5e81..76f3a744 100644
--- a/app/renderer/js/components/server-tab.ts
+++ b/app/renderer/js/components/server-tab.ts
@@ -1,5 +1,7 @@
 import {ipcRenderer} from 'electron';
 
+import {htmlEscape} from 'escape-goat';
+
 import * as SystemUtil from '../utils/system-util';
 
 import Tab, {TabProps} from './tab';
@@ -12,19 +14,21 @@ export default class ServerTab extends Tab {
 		this.init();
 	}
 
-	template(): string {
-		return `<div class="tab" data-tab-id="${this.props.tabIndex}">
-					<div class="server-tooltip" style="display:none">${this.props.name}</div>
-					<div class="server-tab-badge"></div>
-					<div class="server-tab">
-					<img class="server-icons" src='${this.props.icon}'/>
-					</div>
-					<div class="server-tab-shortcut">${this.generateShortcutText()}</div>
-				</div>`;
+	templateHTML(): string {
+		return htmlEscape`
+			<div class="tab" data-tab-id="${this.props.tabIndex}">
+				<div class="server-tooltip" style="display:none">${this.props.name}</div>
+				<div class="server-tab-badge"></div>
+				<div class="server-tab">
+					<img class="server-icons" src="${this.props.icon}"/>
+				</div>
+				<div class="server-tab-shortcut">${this.generateShortcutText()}</div>
+			</div>
+		`;
 	}
 
 	init(): void {
-		this.$el = this.generateNodeFromTemplate(this.template());
+		this.$el = this.generateNodeFromHTML(this.templateHTML());
 		this.props.$root.append(this.$el);
 		this.registerListeners();
 		this.$badge = this.$el.querySelectorAll('.server-tab-badge')[0];
@@ -33,7 +37,7 @@ export default class ServerTab extends Tab {
 	updateBadge(count: number): void {
 		if (count > 0) {
 			const formattedCount = count > 999 ? '1K+' : count.toString();
-			this.$badge.innerHTML = formattedCount;
+			this.$badge.textContent = formattedCount;
 			this.$badge.classList.add('active');
 		} else {
 			this.$badge.classList.remove('active');
diff --git a/app/renderer/js/components/webview.ts b/app/renderer/js/components/webview.ts
index ea0c09cd..cefb8f7b 100644
--- a/app/renderer/js/components/webview.ts
+++ b/app/renderer/js/components/webview.ts
@@ -2,6 +2,8 @@ import {ipcRenderer, remote} from 'electron';
 import fs from 'fs';
 import path from 'path';
 
+import {htmlEscape} from 'escape-goat';
+
 import * as ConfigUtil from '../utils/config-util';
 import * as SystemUtil from '../utils/system-util';
 
@@ -50,25 +52,27 @@ export default class WebView extends BaseComponent {
 		this.$webviewsContainer = document.querySelector('#webviews-container').classList;
 	}
 
-	template(): string {
-		return `<webview
-					class="disabled"
-					data-tab-id="${this.props.tabIndex}"
-					src="${this.props.url}"
-					${this.props.nodeIntegration ? 'nodeIntegration' : ''}
-					${this.props.preload ? 'preload="js/preload.js"' : ''}
-					partition="persist:webviewsession"
-					name="${this.props.name}"
-					webpreferences="
-						${this.props.nodeIntegration ? '' : 'contextIsolation,'}
-						${ConfigUtil.getConfigItem('enableSpellchecker') ? 'spellcheck,' : ''}
-						javascript
-					">
-				</webview>`;
+	templateHTML(): string {
+		return htmlEscape`
+			<webview
+				class="disabled"
+				data-tab-id="${this.props.tabIndex}"
+				src="${this.props.url}"
+				` + (this.props.nodeIntegration ? 'nodeIntegration' : '') + htmlEscape`
+				` + (this.props.preload ? 'preload="js/preload.js"' : '') + htmlEscape`
+				partition="persist:webviewsession"
+				name="${this.props.name}"
+				webpreferences="
+					${this.props.nodeIntegration ? '' : 'contextIsolation,'}
+					${ConfigUtil.getConfigItem('enableSpellchecker') ? 'spellcheck,' : ''}
+					javascript
+				">
+			</webview>
+		`;
 	}
 
 	init(): void {
-		this.$el = this.generateNodeFromTemplate(this.template()) as Electron.WebviewTag;
+		this.$el = this.generateNodeFromHTML(this.templateHTML()) as Electron.WebviewTag;
 		this.domReady = new Promise(resolve => {
 			this.$el.addEventListener('dom-ready', () => resolve(), true);
 		});
diff --git a/app/renderer/js/main.ts b/app/renderer/js/main.ts
index 375cf32e..a2642596 100644
--- a/app/renderer/js/main.ts
+++ b/app/renderer/js/main.ts
@@ -2,7 +2,6 @@ import {ipcRenderer, remote, clipboard} from 'electron';
 import path from 'path';
 
 import isDev from 'electron-is-dev';
-import escape from 'escape-html';
 
 import * as Messages from '../../resources/messages';
 
@@ -10,7 +9,6 @@ import FunctionalTab from './components/functional-tab';
 import ServerTab from './components/server-tab';
 import WebView from './components/webview';
 import {feedbackHolder} from './feedback';
-import * as CommonUtil from './utils/common-util';
 import * as ConfigUtil from './utils/config-util';
 import * as DNDUtil from './utils/dnd-util';
 import type {DNDSettings} from './utils/dnd-util';
@@ -125,7 +123,7 @@ class ServerManagerView {
 
 		this.$fullscreenPopup = document.querySelector('#fullscreen-popup');
 		this.$fullscreenEscapeKey = process.platform === 'darwin' ? '^⌘F' : 'F11';
-		this.$fullscreenPopup.innerHTML = `Press ${this.$fullscreenEscapeKey} to exit full screen`;
+		this.$fullscreenPopup.textContent = `Press ${this.$fullscreenEscapeKey} to exit full screen`;
 
 		this.loading = new Set();
 		this.activeTabIndex = -1;
@@ -358,7 +356,7 @@ class ServerManagerView {
 		this.tabs.push(new ServerTab({
 			role: 'server',
 			icon: server.icon,
-			name: CommonUtil.decodeString(server.alias),
+			name: server.alias,
 			$root: this.$tabsContainer,
 			onClick: this.activateLastTab.bind(this, index),
 			index,
@@ -371,7 +369,7 @@ class ServerManagerView {
 				tabIndex,
 				url: server.url,
 				role: 'server',
-				name: CommonUtil.decodeString(server.alias),
+				name: server.alias,
 				hasPermission: (origin: string, permission: string) =>
 					origin === server.url && permission === 'notifications',
 				isActive: () => index === this.activeTabIndex,
@@ -499,7 +497,7 @@ class ServerManagerView {
 	}
 
 	onHover(index: number): void {
-		// `this.$serverIconTooltip[index].innerHTML` already has realm name, so we are just
+		// `this.$serverIconTooltip[index].textContent` already has realm name, so we are just
 		// removing the style.
 		this.$serverIconTooltip[index].removeAttribute('style');
 		// To handle position of servers' tooltip due to scrolling of list of organizations
@@ -684,8 +682,8 @@ class ServerManagerView {
 		this.functionalTabs.clear();
 
 		// Clear DOM elements
-		this.$tabsContainer.innerHTML = '';
-		this.$webviewsContainer.innerHTML = '';
+		this.$tabsContainer.textContent = '';
+		this.$webviewsContainer.textContent = '';
 	}
 
 	async reloadView(): Promise<void> {
@@ -929,11 +927,11 @@ class ServerManagerView {
 				if (domain.url.includes(serverURL)) {
 					const serverTooltipSelector = '.tab .server-tooltip';
 					const serverTooltips = document.querySelectorAll(serverTooltipSelector);
-					serverTooltips[index].innerHTML = escape(realmName);
-					this.tabs[index].props.name = escape(realmName);
+					serverTooltips[index].textContent = realmName;
+					this.tabs[index].props.name = realmName;
 					this.tabs[index].webview.props.name = realmName;
 
-					domain.alias = escape(realmName);
+					domain.alias = realmName;
 					DomainUtil.updateDomain(index, domain);
 					// Update the realm name also on the Window menu
 					ipcRenderer.send('update-menu', {
diff --git a/app/renderer/js/pages/preference/add-certificate.ts b/app/renderer/js/pages/preference/add-certificate.ts
index 12c00e39..80a1bc10 100644
--- a/app/renderer/js/pages/preference/add-certificate.ts
+++ b/app/renderer/js/pages/preference/add-certificate.ts
@@ -1,6 +1,8 @@
 import {remote, OpenDialogOptions} from 'electron';
 import path from 'path';
 
+import {htmlEscape} from 'escape-goat';
+
 import BaseComponent from '../../components/base';
 import * as CertificateUtil from '../../utils/certificate-util';
 import * as DomainUtil from '../../utils/domain-util';
@@ -24,8 +26,8 @@ export default class AddCertificate extends BaseComponent {
 		this._certFile = '';
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
 			<div class="settings-card certificates-card">
 				<div class="certificate-input">
 					<div>${t.__('Organization URL')}</div>
@@ -40,7 +42,7 @@ export default class AddCertificate extends BaseComponent {
 	}
 
 	init(): void {
-		this.$addCertificate = this.generateNodeFromTemplate(this.template());
+		this.$addCertificate = this.generateNodeFromHTML(this.templateHTML());
 		this.props.$root.append(this.$addCertificate);
 		this.addCertificateButton = this.$addCertificate.querySelector('#add-certificate-button');
 		this.serverUrl = this.$addCertificate.querySelectorAll('input.setting-input-value')[0] as HTMLInputElement;
diff --git a/app/renderer/js/pages/preference/base-section.ts b/app/renderer/js/pages/preference/base-section.ts
index 8276b82d..1d76ed5d 100644
--- a/app/renderer/js/pages/preference/base-section.ts
+++ b/app/renderer/js/pages/preference/base-section.ts
@@ -1,6 +1,6 @@
 import {ipcRenderer} from 'electron';
 
-import escape from 'escape-html';
+import {htmlEscape} from 'escape-goat';
 
 import BaseComponent from '../../components/base';
 
@@ -15,9 +15,9 @@ export default class BaseSection extends BaseComponent {
 	generateSettingOption(props: BaseSectionProps): void {
 		const {$element, disabled, value, clickHandler} = props;
 
-		$element.innerHTML = '';
+		$element.textContent = '';
 
-		const $optionControl = this.generateNodeFromTemplate(this.generateOptionTemplate(value, disabled));
+		const $optionControl = this.generateNodeFromHTML(this.generateOptionHTML(value, disabled));
 		$element.append($optionControl);
 
 		if (!disabled) {
@@ -25,39 +25,39 @@ export default class BaseSection extends BaseComponent {
 		}
 	}
 
-	generateOptionTemplate(settingOption: boolean, disabled?: boolean): string {
-		const label = disabled ? '<label class="disallowed" title="Setting locked by system administrator."/>' : '<label/>';
+	generateOptionHTML(settingOption: boolean, disabled?: boolean): string {
+		const labelHTML = disabled ? '<label class="disallowed" title="Setting locked by system administrator."></label>' : '<label></label>';
 		if (settingOption) {
-			return `
+			return htmlEscape`
 				<div class="action">
 					<div class="switch">
-					  <input class="toggle toggle-round" type="checkbox" checked disabled>
-					  ${label}
+						<input class="toggle toggle-round" type="checkbox" checked disabled>
+						` + labelHTML + htmlEscape`
 					</div>
 				</div>
 			`;
 		}
 
-		return `
-				<div class="action">
-					<div class="switch">
-					  <input class="toggle toggle-round" type="checkbox">
-					  ${label}
-					</div>
+		return htmlEscape`
+			<div class="action">
+				<div class="switch">
+					<input class="toggle toggle-round" type="checkbox">
+					` + labelHTML + htmlEscape`
 				</div>
-			`;
+			</div>
+		`;
 	}
 
 	/* A method that in future can be used to create dropdown menus using <select> <option> tags.
 		it needs an object which has ``key: value`` pairs and will return a string that can be appended to HTML
 	*/
-	generateSelectTemplate(options: {[key: string]: string}, className?: string, idName?: string): string {
-		let select = `<select class="${escape(className)}" id="${escape(idName)}">\n`;
+	generateSelectHTML(options: {[key: string]: string}, className?: string, idName?: string): string {
+		let html = htmlEscape`<select class="${className}" id="${idName}">\n`;
 		Object.keys(options).forEach(key => {
-			select += `<option name="${escape(key)}" value="${escape(key)}">${escape(options[key])}</option>\n`;
+			html += htmlEscape`<option name="${key}" value="${key}">${options[key]}</option>\n`;
 		});
-		select += '</select>';
-		return select;
+		html += '</select>';
+		return html;
 	}
 
 	reloadApp(): void {
diff --git a/app/renderer/js/pages/preference/connected-org-section.ts b/app/renderer/js/pages/preference/connected-org-section.ts
index 48fe9f69..b9e079b6 100644
--- a/app/renderer/js/pages/preference/connected-org-section.ts
+++ b/app/renderer/js/pages/preference/connected-org-section.ts
@@ -1,5 +1,7 @@
 import {ipcRenderer} from 'electron';
 
+import {htmlEscape} from 'escape-goat';
+
 import * as DomainUtil from '../../utils/domain-util';
 import * as t from '../../utils/translation-util';
 
@@ -24,8 +26,8 @@ export default class ConnectedOrgSection extends BaseSection {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
 			<div class="settings-pane" id="server-settings-pane">
 				<div class="page-title">${t.__('Connected organizations')}</div>
 				<div class="title" id="existing-servers">${t.__('All the connected orgnizations will appear here.')}</div>
@@ -44,10 +46,10 @@ export default class ConnectedOrgSection extends BaseSection {
 	}
 
 	initServers(): void {
-		this.props.$root.innerHTML = '';
+		this.props.$root.textContent = '';
 
 		const servers = DomainUtil.getDomains();
-		this.props.$root.innerHTML = this.template();
+		this.props.$root.innerHTML = this.templateHTML();
 
 		this.$serverInfoContainer = document.querySelector('#server-info-container');
 		this.$existingServers = document.querySelector('#existing-servers');
@@ -57,7 +59,7 @@ export default class ConnectedOrgSection extends BaseSection {
 
 		const noServerText = t.__('All the connected orgnizations will appear here');
 		// Show noServerText if no servers are there otherwise hide it
-		this.$existingServers.innerHTML = servers.length === 0 ? noServerText : '';
+		this.$existingServers.textContent = servers.length === 0 ? noServerText : '';
 
 		for (const [i, server] of servers.entries()) {
 			new ServerInfoForm({
diff --git a/app/renderer/js/pages/preference/find-accounts.ts b/app/renderer/js/pages/preference/find-accounts.ts
index 3bb77de4..2c01914d 100644
--- a/app/renderer/js/pages/preference/find-accounts.ts
+++ b/app/renderer/js/pages/preference/find-accounts.ts
@@ -1,3 +1,5 @@
+import {htmlEscape} from 'escape-goat';
+
 import BaseComponent from '../../components/base';
 import * as LinkUtil from '../../utils/link-util';
 import * as t from '../../utils/translation-util';
@@ -16,8 +18,8 @@ export default class FindAccounts extends BaseComponent {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
 			<div class="settings-card certificate-card">
 				<div class="certificate-input">
 					<div>${t.__('Organization URL')}</div>
@@ -31,7 +33,7 @@ export default class FindAccounts extends BaseComponent {
 	}
 
 	init(): void {
-		this.$findAccounts = this.generateNodeFromTemplate(this.template());
+		this.$findAccounts = this.generateNodeFromHTML(this.templateHTML());
 		this.props.$root.append(this.$findAccounts);
 		this.$findAccountsButton = this.$findAccounts.querySelector('#find-accounts-button');
 		this.$serverUrlField = this.$findAccounts.querySelectorAll('input.setting-input-value')[0] as HTMLInputElement;
diff --git a/app/renderer/js/pages/preference/general-section.ts b/app/renderer/js/pages/preference/general-section.ts
index 80fa8239..0494799b 100644
--- a/app/renderer/js/pages/preference/general-section.ts
+++ b/app/renderer/js/pages/preference/general-section.ts
@@ -2,6 +2,7 @@ import {ipcRenderer, remote, OpenDialogOptions} from 'electron';
 import path from 'path';
 
 import Tagify from '@yaireo/tagify';
+import {htmlEscape} from 'escape-goat';
 import fs from 'fs-extra';
 import ISO6391 from 'iso-639-1';
 
@@ -26,8 +27,8 @@ export default class GeneralSection extends BaseSection {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
             <div class="settings-pane">
                 <div class="title">${t.__('Appearance')}</div>
                 <div id="appearance-option-settings" class="settings-card">
@@ -157,7 +158,7 @@ export default class GeneralSection extends BaseSection {
 	}
 
 	init(): void {
-		this.props.$root.innerHTML = this.template();
+		this.props.$root.innerHTML = this.templateHTML();
 		this.updateTrayOption();
 		this.updateBadgeOption();
 		this.updateSilentOption();
@@ -399,8 +400,8 @@ export default class GeneralSection extends BaseSection {
 
 	setLocale(): void {
 		const langDiv: HTMLSelectElement = document.querySelector('.lang-div');
-		const langList = this.generateSelectTemplate(supportedLocales, 'lang-menu');
-		langDiv.innerHTML += langList;
+		const langListHTML = this.generateSelectHTML(supportedLocales, 'lang-menu');
+		langDiv.innerHTML += langListHTML;
 		// `langMenu` is the select-option dropdown menu formed after executing the previous command
 		const langMenu: HTMLSelectElement = document.querySelector('.lang-menu');
 
@@ -516,7 +517,7 @@ export default class GeneralSection extends BaseSection {
 			const note: HTMLElement = document.querySelector('#note');
 			note.append(t.__('You can select a maximum of 3 languages for spellchecking.'));
 			const spellDiv: HTMLElement = document.querySelector('#spellcheck-langs');
-			spellDiv.innerHTML += `
+			spellDiv.innerHTML += htmlEscape`
 				<div class="setting-description">${t.__('Spellchecker Languages')}</div>
 				<input name='spellcheck' placeholder='Enter Languages'>`;
 
diff --git a/app/renderer/js/pages/preference/nav.ts b/app/renderer/js/pages/preference/nav.ts
index e1beb94c..57d79c2b 100644
--- a/app/renderer/js/pages/preference/nav.ts
+++ b/app/renderer/js/pages/preference/nav.ts
@@ -1,3 +1,5 @@
+import {htmlEscape} from 'escape-goat';
+
 import BaseComponent from '../../components/base';
 import * as t from '../../utils/translation-util';
 
@@ -17,22 +19,22 @@ export default class PreferenceNav extends BaseComponent {
 		this.init();
 	}
 
-	template(): string {
-		let navItemsTemplate = '';
+	templateHTML(): string {
+		let navItemsHTML = '';
 		for (const navItem of this.navItems) {
-			navItemsTemplate += `<div class="nav" id="nav-${navItem}">${t.__(navItem)}</div>`;
+			navItemsHTML += htmlEscape`<div class="nav" id="nav-${navItem}">${t.__(navItem)}</div>`;
 		}
 
-		return `
+		return htmlEscape`
 			<div>
 				<div id="settings-header">${t.__('Settings')}</div>
-				<div id="nav-container">${navItemsTemplate}</div>
+				<div id="nav-container">` + navItemsHTML + htmlEscape`</div>
 			</div>
 		`;
 	}
 
 	init(): void {
-		this.$el = this.generateNodeFromTemplate(this.template());
+		this.$el = this.generateNodeFromHTML(this.templateHTML());
 		this.props.$root.append(this.$el);
 		this.registerListeners();
 	}
diff --git a/app/renderer/js/pages/preference/network-section.ts b/app/renderer/js/pages/preference/network-section.ts
index 4be05dda..e5b4ab55 100644
--- a/app/renderer/js/pages/preference/network-section.ts
+++ b/app/renderer/js/pages/preference/network-section.ts
@@ -1,5 +1,7 @@
 import {ipcRenderer} from 'electron';
 
+import {htmlEscape} from 'escape-goat';
+
 import * as ConfigUtil from '../../utils/config-util';
 import * as t from '../../utils/translation-util';
 
@@ -21,8 +23,8 @@ export default class NetworkSection extends BaseSection {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
             <div class="settings-pane">
                 <div class="title">${t.__('Proxy')}</div>
                 <div id="appearance-option-settings" class="settings-card">
@@ -59,7 +61,7 @@ export default class NetworkSection extends BaseSection {
 	}
 
 	init(): void {
-		this.props.$root.innerHTML = this.template();
+		this.props.$root.innerHTML = this.templateHTML();
 		this.$proxyPAC = document.querySelector('#proxy-pac-option .setting-input-value');
 		this.$proxyRules = document.querySelector('#proxy-rules-option .setting-input-value');
 		this.$proxyBypass = document.querySelector('#proxy-bypass-option .setting-input-value');
diff --git a/app/renderer/js/pages/preference/new-server-form.ts b/app/renderer/js/pages/preference/new-server-form.ts
index 88be5eea..811d95da 100644
--- a/app/renderer/js/pages/preference/new-server-form.ts
+++ b/app/renderer/js/pages/preference/new-server-form.ts
@@ -1,5 +1,7 @@
 import {ipcRenderer, remote} from 'electron';
 
+import {htmlEscape} from 'escape-goat';
+
 import BaseComponent from '../../components/base';
 import * as DomainUtil from '../../utils/domain-util';
 import * as LinkUtil from '../../utils/link-util';
@@ -22,8 +24,8 @@ export default class NewServerForm extends BaseComponent {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
 			<div class="server-input-container">
 				<div class="title">${t.__('Organization URL')}</div>
 				<div class="add-server-info-row">
@@ -56,20 +58,20 @@ export default class NewServerForm extends BaseComponent {
 	}
 
 	initForm(): void {
-		this.$newServerForm = this.generateNodeFromTemplate(this.template());
+		this.$newServerForm = this.generateNodeFromHTML(this.templateHTML());
 		this.$saveServerButton = this.$newServerForm.querySelector('#connect');
-		this.props.$root.innerHTML = '';
+		this.props.$root.textContent = '';
 		this.props.$root.append(this.$newServerForm);
 		this.$newServerUrl = this.$newServerForm.querySelectorAll('input.setting-input-value')[0] as HTMLInputElement;
 	}
 
 	async submitFormHandler(): Promise<void> {
-		this.$saveServerButton.innerHTML = 'Connecting...';
+		this.$saveServerButton.textContent = 'Connecting...';
 		let serverConf;
 		try {
 			serverConf = await DomainUtil.checkDomain(this.$newServerUrl.value);
 		} catch (error) {
-			this.$saveServerButton.innerHTML = 'Connect';
+			this.$saveServerButton.textContent = 'Connect';
 			await dialog.showMessageBox({
 				type: 'error',
 				message: error.toString(),
diff --git a/app/renderer/js/pages/preference/server-info-form.ts b/app/renderer/js/pages/preference/server-info-form.ts
index bd2b647c..d7dcc816 100644
--- a/app/renderer/js/pages/preference/server-info-form.ts
+++ b/app/renderer/js/pages/preference/server-info-form.ts
@@ -1,5 +1,7 @@
 import {remote, ipcRenderer} from 'electron';
 
+import {htmlEscape} from 'escape-goat';
+
 import * as Messages from '../../../../resources/messages';
 import BaseComponent from '../../components/base';
 import * as DomainUtil from '../../utils/domain-util';
@@ -26,8 +28,8 @@ export default class ServerInfoForm extends BaseComponent {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
+	templateHTML(): string {
+		return htmlEscape`
 			<div class="settings-card">
 				<div class="server-info-left">
 					<img class="server-info-icon" src="${this.props.server.icon}"/>
@@ -56,7 +58,7 @@ export default class ServerInfoForm extends BaseComponent {
 	}
 
 	initForm(): void {
-		this.$serverInfoForm = this.generateNodeFromTemplate(this.template());
+		this.$serverInfoForm = this.generateNodeFromHTML(this.templateHTML());
 		this.$serverInfoAlias = this.$serverInfoForm.querySelectorAll('.server-info-alias')[0];
 		this.$serverIcon = this.$serverInfoForm.querySelectorAll('.server-info-icon')[0];
 		this.$deleteServerButton = this.$serverInfoForm.querySelectorAll('.server-delete-action')[0];
diff --git a/app/renderer/js/pages/preference/servers-section.ts b/app/renderer/js/pages/preference/servers-section.ts
index 72eff2f2..a8dd6ecc 100644
--- a/app/renderer/js/pages/preference/servers-section.ts
+++ b/app/renderer/js/pages/preference/servers-section.ts
@@ -1,3 +1,5 @@
+import {htmlEscape} from 'escape-goat';
+
 import * as t from '../../utils/translation-util';
 
 import BaseSection from './base-section';
@@ -15,16 +17,16 @@ export default class ServersSection extends BaseSection {
 		this.props = props;
 	}
 
-	template(): string {
-		return `
-		<div class="add-server-modal">
-			<div class="modal-container">
-				<div class="settings-pane" id="server-settings-pane">
-					<div class="page-title">${t.__('Add a Zulip organization')}</div>
-					<div id="new-server-container"></div>
+	templateHTML(): string {
+		return htmlEscape`
+			<div class="add-server-modal">
+				<div class="modal-container">
+					<div class="settings-pane" id="server-settings-pane">
+						<div class="page-title">${t.__('Add a Zulip organization')}</div>
+						<div id="new-server-container"></div>
+					</div>
 				</div>
 			</div>
-		</div>
 		`;
 	}
 
@@ -33,9 +35,9 @@ export default class ServersSection extends BaseSection {
 	}
 
 	initServers(): void {
-		this.props.$root.innerHTML = '';
+		this.props.$root.textContent = '';
 
-		this.props.$root.innerHTML = this.template();
+		this.props.$root.innerHTML = this.templateHTML();
 		this.$newServerContainer = document.querySelector('#new-server-container');
 
 		this.initNewServerForm();
diff --git a/app/renderer/js/pages/preference/shortcuts-section.ts b/app/renderer/js/pages/preference/shortcuts-section.ts
index ace46832..dd98d332 100644
--- a/app/renderer/js/pages/preference/shortcuts-section.ts
+++ b/app/renderer/js/pages/preference/shortcuts-section.ts
@@ -1,3 +1,5 @@
+import {htmlEscape} from 'escape-goat';
+
 import * as LinkUtil from '../../utils/link-util';
 import * as t from '../../utils/translation-util';
 
@@ -14,14 +16,14 @@ export default class ShortcutsSection extends BaseSection {
 		this.props = props;
 	}
 
-	// TODO - Deduplicate templateMac and templateWinLin functions. In theory
+	// TODO - Deduplicate templateMacHTML and templateWinLinHTML functions. In theory
 	// they both should be the same the only thing different should be the userOSKey
 	// variable but there seems to be inconsistences between both function, one has more
 	// lines though one may just be using more new lines and other thing is the use of +.
-	templateMac(): string {
+	templateMacHTML(): string {
 		const userOSKey = '⌘';
 
-		return `
+		return htmlEscape`
 						<div class="settings-pane">
 						<div class="settings-card tip"><p><b><i class="material-icons md-14">settings</i>${t.__('Tip')}:  </b>${t.__('These desktop app shortcuts extend the Zulip webapp\'s')} <span id="open-hotkeys-link"> ${t.__('keyboard shortcuts')}</span>.</p></div>
 							<div class="title">${t.__('Application Shortcuts')}</div>
@@ -182,10 +184,10 @@ export default class ShortcutsSection extends BaseSection {
 		`;
 	}
 
-	templateWinLin(): string {
+	templateWinLinHTML(): string {
 		const userOSKey = 'Ctrl';
 
-		return `
+		return htmlEscape`
 						<div class="settings-pane">
 						<div class="settings-card tip"><p><b><i class="material-icons md-14">settings</i>${t.__('Tip')}:  </b>${t.__('These desktop app shortcuts extend the Zulip webapp\'s')} <span id="open-hotkeys-link"> ${t.__('keyboard shortcuts')}</span>.</p></div>
 							<div class="title">${t.__('Application Shortcuts')}</div>
@@ -340,7 +342,7 @@ export default class ShortcutsSection extends BaseSection {
 
 	init(): void {
 		this.props.$root.innerHTML = (process.platform === 'darwin') ?
-			this.templateMac() : this.templateWinLin();
+			this.templateMacHTML() : this.templateWinLinHTML();
 		this.openHotkeysExternalLink();
 	}
 }
diff --git a/app/renderer/js/utils/common-util.ts b/app/renderer/js/utils/common-util.ts
deleted file mode 100644
index 23da9bdc..00000000
--- a/app/renderer/js/utils/common-util.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-// Unescape already encoded/escaped strings
-export function decodeString(stringInput: string): string {
-	const parser = new DOMParser();
-	const dom = parser.parseFromString(
-		'<!doctype html><body>' + stringInput,
-		'text/html');
-	return dom.body.textContent;
-}
diff --git a/app/renderer/js/utils/link-util.ts b/app/renderer/js/utils/link-util.ts
index c9b976b2..0a71b4e6 100644
--- a/app/renderer/js/utils/link-util.ts
+++ b/app/renderer/js/utils/link-util.ts
@@ -3,7 +3,7 @@ import fs from 'fs';
 import os from 'os';
 import path from 'path';
 
-import escape from 'escape-html';
+import {htmlEscape} from 'escape-goat';
 
 export function isUploadsUrl(server: string, url: URL): boolean {
 	return url.origin === server && url.pathname.startsWith('/user_uploads/');
@@ -19,12 +19,12 @@ export async function openBrowser(url: URL): Promise<void> {
 			path.join(os.tmpdir(), 'zulip-redirect-')
 		);
 		const file = path.join(dir, 'redirect.html');
-		fs.writeFileSync(file, `\
+		fs.writeFileSync(file, htmlEscape`\
 <!DOCTYPE html>
 <html>
     <head>
         <meta charset="UTF-8" />
-        <meta http-equiv="Refresh" content="0; url=${escape(url.href)}" />
+        <meta http-equiv="Refresh" content="0; url=${url.href}" />
         <title>Redirecting</title>
         <style>
             html {
@@ -33,7 +33,7 @@ export async function openBrowser(url: URL): Promise<void> {
         </style>
     </head>
     <body>
-        <p>Opening <a href="${escape(url.href)}">${escape(url.href)}</a>…</p>
+        <p>Opening <a href="${url.href}">${url.href}</a>…</p>
     </body>
 </html>
 `);
diff --git a/app/renderer/js/utils/reconnect-util.ts b/app/renderer/js/utils/reconnect-util.ts
index 690f0a42..9af3a189 100644
--- a/app/renderer/js/utils/reconnect-util.ts
+++ b/app/renderer/js/utils/reconnect-util.ts
@@ -1,6 +1,7 @@
 import {ipcRenderer} from 'electron';
 
 import backoff from 'backoff';
+import {htmlEscape} from 'escape-goat';
 
 import type WebView from '../components/webview';
 
@@ -60,7 +61,7 @@ export default class ReconnectUtil {
 		logger.log('There is no internet connection, try checking network cables, modem and router.');
 		const errorMessageHolder = document.querySelector('#description');
 		if (errorMessageHolder) {
-			errorMessageHolder.innerHTML = `
+			errorMessageHolder.innerHTML = htmlEscape`
 						<div>Your internet connection doesn't seem to work properly!</div>
 						<div>Verify that it works and then click try again.</div>`;
 		}
diff --git a/package-lock.json b/package-lock.json
index c3f137d8..dd2ec68a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -652,12 +652,6 @@
       "integrity": "sha512-Q1y515GcOdTHgagaVFhHnIFQ38ygs/kmxdNpvpou+raI9UO3YZcHDngBSYKQklcKlvA7iuQlmIKbzvmxcOE9CQ==",
       "dev": true
     },
-    "@types/escape-html": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@types/escape-html/-/escape-html-1.0.0.tgz",
-      "integrity": "sha512-Ehe6irbxo5BSYwG03buglLJCmy3JqqtC69UvopsBWYf4hDa+ZODJ7BuZU6y+YE4U6MaoSruTxM2+uePfAHts9Q==",
-      "dev": true
-    },
     "@types/eslint-visitor-keys": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/@types/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
@@ -3686,15 +3680,9 @@
       "dev": true
     },
     "escape-goat": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-2.1.1.tgz",
-      "integrity": "sha512-8/uIhbG12Csjy2JEW7D9pHbreaVaS/OpN3ycnyvElTdwM5n6GY6W6e2IPemfvGZeUMqZ9A/3GqIZMgKnBhAw/Q==",
-      "dev": true
-    },
-    "escape-html": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-3.0.0.tgz",
+      "integrity": "sha512-w3PwNZJwRxlp47QGzhuEBldEqVHHhh8/tIPcl6ecf2Bou99cdAt0knihBV0Ecc7CGxYduXVBDheH1K2oADRlvw=="
     },
     "escape-string-regexp": {
       "version": "4.0.0",
@@ -9116,6 +9104,14 @@
       "dev": true,
       "requires": {
         "escape-goat": "^2.0.0"
+      },
+      "dependencies": {
+        "escape-goat": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-2.1.1.tgz",
+          "integrity": "sha512-8/uIhbG12Csjy2JEW7D9pHbreaVaS/OpN3ycnyvElTdwM5n6GY6W6e2IPemfvGZeUMqZ9A/3GqIZMgKnBhAw/Q==",
+          "dev": true
+        }
       }
     },
     "puppeteer-core": {
diff --git a/package.json b/package.json
index db4d85c1..b49f13f8 100644
--- a/package.json
+++ b/package.json
@@ -155,7 +155,7 @@
     "electron-log": "^4.2.4",
     "electron-updater": "^4.3.4",
     "electron-window-state": "^5.0.3",
-    "escape-html": "^1.0.3",
+    "escape-goat": "^3.0.0",
     "fs-extra": "^9.0.1",
     "get-stream": "^6.0.0",
     "i18n": "^0.13.2",
@@ -171,7 +171,6 @@
     "@types/adm-zip": "^0.4.33",
     "@types/auto-launch": "^5.0.1",
     "@types/backoff": "^2.5.1",
-    "@types/escape-html": "^1.0.0",
     "@types/fs-extra": "^9.0.1",
     "@types/i18n": "^0.8.7",
     "@types/node": "^14.6.4",