diff --git a/openstack_dashboard/dashboards/project/stacks/forms.py b/openstack_dashboard/dashboards/project/stacks/forms.py
index 8bff2159a5..b37a5d471d 100644
--- a/openstack_dashboard/dashboards/project/stacks/forms.py
+++ b/openstack_dashboard/dashboards/project/stacks/forms.py
@@ -13,6 +13,7 @@
 import json
 import logging
+from django.utils import html
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.debug import sensitive_variables # noqa
@@ -290,7 +291,7 @@ class CreateStackForm(forms.SelfHandlingForm):
 field_args = {
 'initial': param.get('Default', None),
 'label': param.get('Label', param_key),
- 'help_text': param.get('Description', ''),
+ 'help_text': html.escape(param.get('Description', '')),
 'required': param.get('Default', None) is None
 }
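Review bot: On the new `'help_text'` line, `param.get('Description', '')` only falls back to `''` when the key is absent, so a parameter whose Description is present but null would reach `html.escape()` as `None` and, as far as I know, be coerced to the literal text "None" in the rendered form. Writing it as `'help_text': html.escape(param.get('Description') or ''),` keeps the escaping and preserves the old empty help text for that case. The line also deserves a short why-comment, for example `# Description comes from the user-supplied template and help_text is rendered as HTML, so escape it here`, so the call is not later removed as redundant. The neighbouring `'label'` value comes from the same parameter dict and is passed through unescaped. That is presumably fine if every template renders labels through Django's escaping, but it is worth confirming, together with a regression test that submits a Description containing markup. The enclosing method starts and ends outside this hunk, so other uses of `param` could not be checked.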