diff --git a/frontend/mock-backend/mock-api-middleware.ts b/frontend/mock-backend/mock-api-middleware.ts
index 2cbad278054..2da701227d6 100644
--- a/frontend/mock-backend/mock-api-middleware.ts
+++ b/frontend/mock-backend/mock-api-middleware.ts
@@ -14,6 +14,7 @@
 import * as express from 'express';
 import { Response } from 'express-serve-static-core';
+import escapeHtml from 'escape-html';
 import * as fs from 'fs';
 import * as _path from 'path';
 import { ApiExperiment, ApiListExperimentsResponse } from '../src/apis/experiment';
@@ -363,7 +364,7 @@ export default (app: express.Application) => {
 job.enabled = true;
 res.json({});
 } else {
- res.status(500).send('Cannot find a job with id ' + req.params.jid);
+ res.status(500).send('Cannot find a job with id ' + escapeHtml(req.params.jid));
 }
 }, 1000);
 });
@@ -375,7 +376,7 @@ export default (app: express.Application) => {
 job.enabled = false;
 res.json({});
 } else {
- res.status(500).send('Cannot find a job with id ' + req.params.jid);
+ res.status(500).send('Cannot find a job with id ' + escapeHtml(req.params.jid));
 }
 }, 1000);
 });
diff --git a/frontend/mock-backend/package.json b/frontend/mock-backend/package.json
index 41aa3ae5226..315cc2404c1 100644
--- a/frontend/mock-backend/package.json
+++ b/frontend/mock-backend/package.json
@@ -10,6 +10,7 @@
 "license": "ISC",
 "dependencies": {
 "@types/express": "^4.16.0",
- "express": "^4.16.3"
+ "express": "^4.16.3",
+ "escape-html": "^1.0.3"
 }
 }
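Review bot: The default import added in the first hunk of mock-api-middleware.ts, `import escapeHtml from 'escape-html'`, is out of step with the namespace imports around it (`import * as express`, `import * as fs`), which suggests this code may be compiled without `esModuleInterop`. escape-html is a CommonJS module that assigns the function to `module.exports`, so without that flag the default binding would be undefined at runtime and the call inside the `setTimeout` callback would throw instead of sending the 500 response. Either confirm the flag is set in the tsconfig used for the mock backend (not visible here), or, if the module target is CommonJS, use `import escapeHtml = require('escape-html');`.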
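Review bot: In the handlers changed at -363 and -375 of mock-api-middleware.ts, the escaped id is still passed as a string to `res.send()`, which Express serves as `text/html` by default, so the response is safe only while every interpolated value stays escaped. Declaring the body as plain text takes the HTML context away: `res.status(500).type('text/plain').send('Cannot find a job with id ' + req.params.jid);`. Both handler bodies start outside their hunks, and any other route in this file that concatenates `req.params` into `send()` deserves the same check. A short comment above each call, such as `// jid is attacker-controlled; never reflect it as HTML`, would keep the reason visible to the next editor.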
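Review bot: The new `"escape-html": "^1.0.3"` entry in package.json arrives without type declarations, and the package ships none of its own. If the mock backend is type-checked with `noImplicitAny` (the tsconfig is not visible here), the new import in mock-api-middleware.ts will fail with a missing-declaration error. Since `@types/express` is already listed in this block, adding `"@types/escape-html": "<version>"` next to it would keep the import typed.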