diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php
index 4b708a1aa..108db2dba 100644
--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -110,7 +110,7 @@ class Lockview extends Controller {
 			// as unknown specific recipients. The sender will have the visibility list and will fall through to the
 			// next section.
 
-			echo '<div class="dropdown-item-text">' . translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
+			echo '<div class="dropdown-item-text">' . escape_tags(translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy'])) . '</div>';
 			killme();
 		}
 
diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php
index a06193e12..5b7557397 100644
--- a/Zotlabs/Module/Profiles.php
+++ b/Zotlabs/Module/Profiles.php
@@ -841,7 +841,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 						'$alt' => t('Profile Image'),
 						'$profile_name' => $rr['profile_name'],
 						'$visible' => (($rr['is_default'])
-							? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>'
+							? '<strong>' . escape_tags(translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile')))) . '</strong>'
 							: '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
 					));
 				}
diff --git a/include/items.php b/include/items.php
index 95bbc2006..3f659defe 100644
--- a/include/items.php
+++ b/include/items.php
@@ -1272,7 +1272,7 @@ function map_scope($scope, $strip = false) {
  * @param string $scope
  * @return string translated string describing the scope
  */
-function translate_scope($scope) {
+function translate_scope($scope): string {
 	if(! $scope || $scope === 'public')
 		return t('Visible to anybody on the internet.');
 	if(strpos($scope,'self') === 0)
@@ -1289,6 +1289,9 @@ function translate_scope($scope) {
 		return t('Visible to approved connections.');
 	if(strpos($scope,'specific') === 0)
 		return t('Visible to specific connections.');
+
+	// Fall through and return untranslated scope
+	return $scope;
 }
 
 /**
diff --git a/view/tpl/profile_edit.tpl b/view/tpl/profile_edit.tpl
index 4d24e0a0f..b73f1289e 100644
--- a/view/tpl/profile_edit.tpl
+++ b/view/tpl/profile_edit.tpl
@@ -42,7 +42,7 @@
 			<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
 
 			{{if $is_default}}
-			<div class="section-content-info-wrapper">{{$default}}</div>
+			<div class="section-content-info-wrapper">{{$default | escape:'html'}}</div>
 			{{/if}}
 
 			<div class="panel-group" id="profile-edit-wrapper" role="tablist" aria-multiselectable="true">