diff --git a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js
index f901ab6a..d0090725 100644
--- a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js
+++ b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js
@@ -1,6 +1,7 @@
 var express = require('express'),
 bodyParser = require('body-parser'),
- logger = require('morgan')
+ logger = require('morgan'),
+ escapeHtml = require('escape-html')
 let posts = require('./posts.json')
@@ -15,7 +16,17 @@ app.get('/', function(req, res, next) {
 })
 app.get('/api/posts', function(req, res, next) {
- let results = posts
+ let results = posts.map(post => {
+ let escapedPost = {};
+ for (let key in post) {
+ if (typeof post[key] === 'string') {
+ escapedPost[key] = escapeHtml(post[key]);
+ } else {
+ escapedPost[key] = post[key];
+ }
+ }
+ return escapedPost;
+ });
 res.send(results)
 })
diff --git a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json
index 8969bff1..bac6cf59 100644
--- a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json
+++ b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json
@@ -19,7 +19,8 @@
 "dependencies": {
 "body-parser": ">=1.20.3",
 "express": ">=4.20.0",
- "morgan": "1.9.1"
+ "morgan": "1.9.1",
+ "escape-html": "^1.0.3"
 },
 "devDependencies": {
 "body-parser": ">=1.20.3",
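Review bot: In the `/api/posts` handler in app.js, the `typeof post[key] === 'string'` branch escapes only top-level string fields; any nested object or array in a post (for example a list of comments, if posts.json has one) is copied by reference in the `else` branch and reaches the client unescaped. A recursive helper closes that gap, as sketched below. Two caveats are worth a comment beside it: entity-encoding inside a JSON API changes the data for every consumer, so a client that already renders with `textContent` will display literal `&lt;`, and escape-html targets HTML text and quoted attribute values, so it does not make a value safe in a URL or script context. Other routes that return `posts` are not visible in this hunk and would need the same treatment.

```javascript
// Escape every string in a value, descending into arrays and plain objects.
function escapeDeep(value) {
  if (typeof value === 'string') return escapeHtml(value)
  if (Array.isArray(value)) return value.map(escapeDeep)
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([key, item]) => [key, escapeDeep(item)])
    )
  }
  return value
}

app.get('/api/posts', function(req, res, next) {
  res.send(posts.map(escapeDeep))
})
```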