diff --git a/info/tpl/jsGoo.js b/info/tpl/jsGoo.js
index f1793a96..d8b4b913 100644
--- a/info/tpl/jsGoo.js
+++ b/info/tpl/jsGoo.js
@@ -1049,9 +1049,9 @@ function HTMLDecode(s) {
     s = s.replace(/'/g,"'");
     s = s.replace(///g,"/");
     s = s.replace(/"/g,'"');
-    s = s.replace(/&/g,"&");
     s = s.replace(/&lt;/g,"<");
-    return s.replace(/&gt;/g,">");
+    s = s.replace(/&gt;/g,">");
+    return s.replace(/&amp;/g,"&");
 }
 
 //utils-shortcuts -- remove if you need to 
diff --git a/info/tpl/menu.js b/info/tpl/menu.js
index 65fc14e6..463571be 100644
--- a/info/tpl/menu.js
+++ b/info/tpl/menu.js
@@ -1,3 +1,14 @@
+function escapeHtml(text) {
+    const map = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#039;'
+    };
+    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
 function generateMenuFromHeadings(node, hh) {
     // Select all H2 elements
     const h2Elements = node.querySelectorAll(hh);
@@ -14,7 +25,7 @@ function generateMenuFromHeadings(node, hh) {
         // menuItem.textContent = h2.textContent;
 
         // Optionally, set an id on the H2 for navigation
-	var index = h2.textContent;
+	var index = escapeHtml(h2.textContent);
 	
         const h2Id = `heading-${index}`;
         h2.setAttribute('id', h2Id);