diff --git a/lib/nuts.js b/lib/nuts.js
index ad499ca..1307c35 100644
--- a/lib/nuts.js
+++ b/lib/nuts.js
@@ -190,7 +190,7 @@ Nuts.prototype.onDownload = function(req, res, next) {
 }
 if (!asset) {
- res.status(400).send("No download available for platform "+platform+" for version "+version.tag+" ("+(channel || "beta")+")");
+ res.status(400).send("No download available for platform "+_.escape(platform)+" for version "+version.tag+" ("+(channel || "beta")+")");
 return;
 }
@@ -210,7 +210,7 @@ Nuts.prototype.onUpdateRedirect = function(req, res, next) {
 if (!req.query.version) throw new Error('Requires "version" parameter');
 if (!req.query.platform) throw new Error('Requires "platform" parameter');
- return res.redirect('/update/'+req.query.platform+'/'+req.query.version);
+ return res.redirect('/update/'+_.escape(req.query.platform)+'/'+req.query.version);
 })
 .fail(next);
 };
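Review bot: In the 400 response of onDownload, `channel` is still concatenated unescaped into the same string where `platform` is now wrapped in `_.escape`. The hunk does not show where `channel` is assigned, but if it is taken from the request the way `platform` presumably is, the message still reflects raw input, and Express sends a string body as text/html by default. Because the message is plain text, setting the content type covers every interpolated value at once: `res.status(400).type('text/plain').send(...)`; failing that, escape the channel too with `_.escape(channel || "beta")`. The body of onDownload starts and ends outside the hunk.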
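Review bot: `_.escape` is HTML entity escaping, not URL encoding, so it is the wrong encoder for a value placed in the redirect path, and `req.query.version` on the same line is still concatenated raw. Characters that carry meaning in a URL pass through `_.escape` unchanged, while a value containing `&` is rewritten to `&amp;` in the redirect target. Encoding both segments for the context they land in is clearer and covers both parameters: `return res.redirect('/update/'+encodeURIComponent(req.query.platform)+'/'+encodeURIComponent(req.query.version));`. The enclosing onUpdateRedirect body starts outside the hunk.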