diff --git a/assets/js/src/subscribers/importExport/import.js b/assets/js/src/subscribers/importExport/import.js
index 32e49866c7..e92d19924b 100644
--- a/assets/js/src/subscribers/importExport/import.js
+++ b/assets/js/src/subscribers/importExport/import.js
@@ -7,7 +7,8 @@ define(
 'handlebars',
 'papaparse',
 'select2',
-'asyncqueue'
+'asyncqueue',
+'xss'
 ],
 function (
 Backbone,
@@ -16,7 +17,8 @@ define(
 MailPoet,
 Handlebars,
 Papa,
-AsyncQueue
+AsyncQueue,
+xss
 ) {
 if (!jQuery('#mailpoet_subscribers_import').length) {
 return;
@@ -355,7 +357,7 @@ define(
 complete: function (CSV) {
 for (var rowCount in CSV.data) {
 var rowData = CSV.data[rowCount].map(function (el) {
-return el.trim();
+return filterXSS(el.trim());
 }),
 rowColumnCount = rowData.length;
 // set the number of row elements based on the first non-empty row
diff --git a/package.json b/package.json
index 183c8f46e8..d8d317ad16 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,8 @@
 "spectrum-colorpicker": "^1.6.2",
 "tinymce": "4.1.10",
 "underscore": "1.8.3",
-"velocity-animate": "1.2.3"
+"velocity-animate": "1.2.3",
+"xss": "^0.2.10"
 },
 "devDependencies": {
 "expose-loader": "latest",
diff --git a/views/subscribers/importExport/import/step2.html b/views/subscribers/importExport/import/step2.html
index 195f9d7070..c9fb52bcdf 100644
--- a/views/subscribers/importExport/import/step2.html
+++ b/views/subscribers/importExport/import/step2.html
@@ -126,7 +126,7 @@
 {{#.}}
-{{{this}}}
+{{this}}
 {{/.}}
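Review bot: The `xss` argument added to the callback here is never used; the call in the @@ -355 hunk goes through the global `filterXSS`, so the import only works when the bundle happens to expose that global, not because of the injected module. As far as I recall the `xss` package's module export is the filter function itself, so the injected binding can be used directly: `return xss(el.trim());`. If relying on the global is intentional, the new parameter and the `'xss'` entry in the dependency list should be dropped so they do not suggest an injection that is never consumed. The enclosing `define(` callback starts and ends outside the hunk.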
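Review bot: Running `filterXSS` on every trimmed cell rewrites the imported values themselves, not just their rendering: with the library's default options, `<` and `>` in plain text are entity-encoded (a constructed cell such as `Jane <jane@example.com>` would come back as `Jane &lt;jane@example.com&gt;`), and that encoded string is what `rowData` carries forward. If `rowData` is also what is submitted for import (that code is outside the hunk), subscribers end up stored with HTML entities in their fields, and the preview template's switch to the escaping `{{this}}` form in step2.html then encodes them a second time. The template change already provides output escaping, which is the right layer; if a data-level transformation is really intended, it should be a deliberate plain-text step documented at this line, e.g. `// NOTE: cells are HTML-escaped here and again by Handlebars; confirm what the server expects`.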
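Review bot: `"xss": "^0.2.10"` is the only new entry with a caret range among neighbours that are pinned exactly (`tinymce`, `underscore`, `velocity-animate`); for a sanitizer whose behaviour determines what reaches the subscriber data, a floating range lets the escaping rules change on a fresh install via any 0.2.x patch release without a code change. Pinning it as `"xss": "0.2.10"` matches the file's prevailing style and keeps the sanitizer version reviewable. No lockfile change is visible in this diff, so I cannot tell whether the resolved version is otherwise fixed.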