diff --git a/public/client.js b/public/client.js
index 2cda6a53..8941fbe3 100644
--- a/public/client.js
+++ b/public/client.js
@@ -1,85 +1,114 @@
-$( document ).ready(function() {
-  let  items = [];
-  let  itemsRaw = [];
-  
-  $.getJSON('/api/books', function(data) {
+// Regular expression to pick up HTML/XML tags, in case of any cross-site scripting attempts.
+const tagRegex = /(?:\<\/?.+\>)/g;
+
+$(document).ready(function () {
+  let items = [];
+  let itemsRaw = [];
+
+  $.getJSON("/api/books", function (data) {
     //let  items = [];
     itemsRaw = data;
-    $.each(data, function(i, val) {
-      items.push('<li class="bookItem" id="' + i + '">' + val.title + ' - ' + val.commentcount + ' comments</li>');
-      return ( i !== 14 );
+    $.each(data, function (i, val) {
+      items.push(
+        '<li class="bookItem" id="' +
+          i +
+          '">' +
+          val.title.replace(tagRegex, "") +   // If title in database has HTML tags, remove them.
+          " - " +
+          val.commentcount +
+          " comments</li>"
+      );
+      return i !== 14;
     });
     if (items.length >= 15) {
-      items.push('<p>...and '+ (data.length - 15)+' more!</p>');
+      items.push("<p>...and " + (data.length - 15) + " more!</p>");
     }
-    $('<ul/>', {
-      'class': 'listWrapper',
-      html: items.join('')
-      }).appendTo('#display');
+    $("<ul/>", {
+      class: "listWrapper",
+      html: items.join(""),
+    }).appendTo("#display");
   });
-  
-  let  comments = [];
-  $('#display').on('click','li.bookItem',function() {
-    $("#detailTitle").html('<b>'+itemsRaw[this.id].title+'</b> (id: '+itemsRaw[this.id]._id+')');
-    $.getJSON('/api/books/'+itemsRaw[this.id]._id, function(data) {
+
+  let comments = [];
+  $("#display").on("click", "li.bookItem", function () {
+    $("#detailTitle").html(
+      "<b>" +
+        itemsRaw[this.id].title.replace(tagRegex, "") +   // If title in database has HTML tags, remove them.
+        "</b> (id: " +
+        itemsRaw[this.id]._id +
+        ")"
+    );
+    $.getJSON("/api/books/" + itemsRaw[this.id]._id, function (data) {
       comments = [];
-      $.each(data.comments, function(i, val) {
-        comments.push('<li>' +val+ '</li>');
+      $.each(data.comments, function (i, val) {
+        comments.push("<li>" + val + "</li>");
       });
-      comments.push('<br><form id="newCommentForm"><input style="width:300px" type="text" class="form-control" id="commentToAdd" name="comment" placeholder="New Comment"></form>');
-      comments.push('<br><button class="btn btn-info addComment" id="'+ data._id+'">Add Comment</button>');
-      comments.push('<button class="btn btn-danger deleteBook" id="'+ data._id+'">Delete Book</button>');
-      $('#detailComments').html(comments.join(''));
+      comments.push(
+        '<br><form id="newCommentForm"><input style="width:300px" type="text" class="form-control" id="commentToAdd" name="comment" placeholder="New Comment"></form>'
+      );
+      comments.push(
+        '<br><button class="btn btn-info addComment" id="' +
+          data._id +
+          '">Add Comment</button>'
+      );
+      comments.push(
+        '<button class="btn btn-danger deleteBook" id="' +
+          data._id +
+          '">Delete Book</button>'
+      );
+      $("#detailComments").html(comments.join(""));
     });
   });
-  
-  $('#bookDetail').on('click','button.deleteBook',function() {
+
+  $("#bookDetail").on("click", "button.deleteBook", function () {
     $.ajax({
-      url: '/api/books/'+this.id,
-      type: 'delete',
-      success: function(data) {
+      url: "/api/books/" + this.id,
+      type: "delete",
+      success: function (data) {
         //update list
-        $('#detailComments').html('<p style="color: red;">'+data+'<p><p>Refresh the page</p>');
-      }
+        $("#detailComments").html(
+          '<p style="color: red;">' + data + "<p><p>Refresh the page</p>"
+        );
+      },
     });
-  });  
-  
-  $('#bookDetail').on('click','button.addComment',function() {
-    let  newComment = $('#commentToAdd').val();
+  });
+
+  $("#bookDetail").on("click", "button.addComment", function () {
+    let newComment = $("#commentToAdd").val();
+    newComment = newComment.replace(tagRegex, ""); // Sanitize new comment before adding to the HTML below.
     $.ajax({
-      url: '/api/books/'+this.id,
-      type: 'post',
-      dataType: 'json',
-      data: $('#newCommentForm').serialize(),
-      success: function(data) {
+      url: "/api/books/" + this.id,
+      type: "post",
+      dataType: "json",
+      data: $("#newCommentForm").serialize(),
+      success: function (data) {
         comments.unshift(newComment); //adds new comment to top of list
-        $('#detailComments').html(comments.join(''));
-      }
+        $("#detailComments").html(comments.join(""));
+      },
     });
   });
-  
-  $('#newBook').click(function() {
+
+  $("#newBook").click(function () {
     $.ajax({
-      url: '/api/books',
-      type: 'post',
-      dataType: 'json',
-      data: $('#newBookForm').serialize(),
-      success: function(data) {
+      url: "/api/books",
+      type: "post",
+      dataType: "json",
+      data: $("#newBookForm").serialize(),
+      success: function (data) {
         //update list
-      }
+      },
     });
   });
-  
-  $('#deleteAllBooks').click(function() {
+
+  $("#deleteAllBooks").click(function () {
     $.ajax({
-      url: '/api/books',
-      type: 'delete',
-      dataType: 'json',
-      data: $('#newBookForm').serialize(),
-      success: function(data) {
+      url: "/api/books",
+      type: "delete",
+      dataType: "json",
+      data: $("#newBookForm").serialize(),
+      success: function (data) {
         //update list
-      }
+      },
     });
-  }); 
-  
-});
\ No newline at end of file
+  });
+});