diff --git a/app/views/checkout/_details.html.haml b/app/views/checkout/_details.html.haml
index 3a2cb5d90f..1918afc5cd 100644
--- a/app/views/checkout/_details.html.haml
+++ b/app/views/checkout/_details.html.haml
@@ -95,7 +95,7 @@
%div.checkout-input{"data-shippingmethod-target": "shippingMethodDescription", "data-shippingmethodid": shipping_method.id , style: "display: #{ship_method_is_selected ? 'block' : 'none'}" }
#distributor_address.panel
- if shipping_method.description.present?
- %span #{simple_format(shipping_method.description)}
+ = simple_format(html_escape(shipping_method.description))
%br/
%br/
- if @order.order_cycle.pickup_time_for(@order.distributor)
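Review bot: The added line `= simple_format(html_escape(shipping_method.description))` carries no comment explaining why the escape comes before the formatting, so a later cleanup could remove `html_escape` as redundant. `simple_format` does sanitize by default, but its sanitizer keeps allowlisted tags such as links and images, so the explicit escape is what forces the description to render as plain text. A HAML comment above the line would record that, for example `-# user-entered text: escape first, simple_format's sanitizer still permits some tags`; the same applies to the payment description line in `_payment.html.haml`. The hunk also drops the `%span` wrapper, so any CSS or JS keyed to that span inside `#distributor_address` should be checked. The enclosing block starts and ends outside the hunk.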
diff --git a/app/views/checkout/_payment.html.haml b/app/views/checkout/_payment.html.haml
index 19c066f498..516d2025bb 100644
--- a/app/views/checkout/_payment.html.haml
+++ b/app/views/checkout/_payment.html.haml
@@ -29,7 +29,7 @@
.paymentmethod-container{"data-paymentmethod-id": "#{payment_method.id}", style: "display: #{payment_method.id == selected_payment_method ? "block" : "none"}"}
- if payment_method.description && !payment_method.description.empty?
.paymentmethod-description.panel
- #{simple_format(payment_method.description)}
+ = simple_format(html_escape(payment_method.description))
.paymentmethod-form
= render partial: "checkout/payment/#{payment_method.method_type}", locals: { payment_method: payment_method, f: f }
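Review bot: The escape-then-format expression is now written by hand in two partials, here as `= simple_format(html_escape(payment_method.description))` and on the shipping description in `_details.html.haml`, so another view that renders a description can easily miss it. A single view helper wrapping `simple_format(html_escape(text))` would keep the rule in one place and make an unescaped call stand out in review. No spec is visible in this diff; a view or system spec asserting that a description containing markup is rendered as literal text would guard against regression in both partials. Descriptions that previously relied on HTML formatting will presumably now show their tags as text, which is worth noting in the change description.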