diff --git a/lib/get-branch.php b/lib/get-branch.php
index e732f62..d0bbd66 100644
--- a/lib/get-branch.php
+++ b/lib/get-branch.php
@@ -117,7 +117,7 @@ if (!isset($ftpSite) && $_SESSION['githubDiff']) {
 $scanDir = $docRoot.$iceRoot;
 $location = "";
 echo '<div id="branch" style="display: none">';
-$location = str_replace("|","/",$_GET['location']);
+$location = str_replace("|","/",xssClean($_GET['location'],"html"));
 if ($location=="/") {$location = "";};
 
 $dirArray = $filesArray = $finalArray = array();
diff --git a/lib/github.php b/lib/github.php
index a9f742b..0424774 100644
--- a/lib/github.php
+++ b/lib/github.php
@@ -53,8 +53,8 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 			<script>
 			// Start our github object, establish this repo & file path
 			var github = new Github({token: "'.$_SESSION['githubAuthToken'].'", auth: "oauth"});
-			var thisRepo = "'.$_GET['repo'].'";
-			var thisFilePath = "'.$_GET['filePath'].'";
+			var thisRepo = "'.xssClean($_GET['repo'],"html").'";
+			var thisFilePath = "'.xssClean($_GET['filePath'],"html").'";
 
 			// Start our repo and read the data in, then update diff pane with that
 			var repo = github.getRepo(thisRepo.split("|")[0], thisRepo.split("|")[1]);