diff --git a/src/my-calendar-api.php b/src/my-calendar-api.php
index 065d3f1fc..efc03307b 100644
--- a/src/my-calendar-api.php
+++ b/src/my-calendar-api.php
@@ -100,7 +100,7 @@ function mc_format_api( $data, $format ) {
 			mc_api_format_csv( $data );
 			break;
 		case 'ical':
-			$context = ( isset( $_GET['context'] ) ) ? $_GET['context'] : 'google';
+			$context = ( isset( $_GET['context'] ) ) ? sanitize_text_field( $_GET['context'] ) : 'google';
 			mc_api_format_ical( $data, $context );
 			break;
 	}