diff --git a/tailbone/grids/core.py b/tailbone/grids/core.py
index b428aaa6..91c3d1f5 100644
--- a/tailbone/grids/core.py
+++ b/tailbone/grids/core.py
@@ -1651,7 +1651,11 @@ class Grid(object):
 value = self.obtain_value(rowobj, name)
 if value is None:
 value = ""
- row[name] = str(value)
+
+ # this value will ultimately be inserted into table
+ # cell a la so we must escape it
+ # here to be safe
+ row[name] = HTML.literal.escape(value)
 
 # maybe add UUID for convenience
 if 'uuid' not in self.columns:
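Review bot: The new `row[name] = HTML.literal.escape(value)` only protects against values that are plain objects — if `HTML.literal` is the webhelpers2/markupsafe `Markup` type (not visible in this hunk), its `escape()` returns anything carrying `__html__` unchanged, so a column renderer returned by `obtain_value` that hands back a `literal` containing unescaped user data still lands in the cell as raw HTML. That is worth stating next to the call so the next maintainer does not read this line as a blanket guarantee, e.g. `# NOTE: escape() passes anything with __html__ (e.g. HTML.literal) through untouched; renderers that return literal must escape user data themselves`. The comment on the new lines also reads "a la so we must escape it" — a tag example appears to have dropped out (possibly on extraction), so it should be reworded in plain words ("inserted into a table cell, so escape it here"). Note too that the stored value changes type from `str` to a `literal`/`Markup` subclass; that is compatible with `json.dumps`, but callers comparing `type(value) is str` would now differ. The enclosing method starts and ends outside this hunk.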