diff --git a/awx/ui/client/src/access/permissions-list.controller.js b/awx/ui/client/src/access/permissions-list.controller.js
index ebdbc394d2..92ed68de9c 100644
--- a/awx/ui/client/src/access/permissions-list.controller.js
+++ b/awx/ui/client/src/access/permissions-list.controller.js
@@ -4,8 +4,8 @@
  * All Rights Reserved
  *************************************************/
 
-export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessErrors', 'Prompt', '$state',
-    function($scope, list, Dataset, Wait, Rest, ProcessErrors, Prompt, $state) {
+export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessErrors', 'Prompt', '$state', '$filter',
+    function($scope, list, Dataset, Wait, Rest, ProcessErrors, Prompt, $state, $filter) {
         init();
 
         function init() {
@@ -15,6 +15,7 @@ export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessE
         }
 
         $scope.deletePermissionFromUser = function(userId, userName, roleName, roleType, url) {
+
             var action = function() {
                 $('#prompt-modal').modal('hide');
                 Wait('start');
@@ -36,9 +37,9 @@ export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessE
                 hdr: `Remove role`,
                 body: `
                     <div class="Prompt-bodyQuery">
-                        Confirm  the removal of the ${roleType}
+                        Confirm  the removal of the ${$filter('sanitize')(roleType)}
                             <span class="Prompt-emphasis"> ${roleName} </span>
-                        role associated with ${userName}.
+                        role associated with ${$filter('sanitize')(userName)}.
                     </div>
                 `,
                 action: action,
@@ -47,6 +48,7 @@ export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessE
         };
 
         $scope.deletePermissionFromTeam = function(teamId, teamName, roleName, roleType, url) {
+
             var action = function() {
                 $('#prompt-modal').modal('hide');
                 Wait('start');
@@ -68,9 +70,9 @@ export default ['$scope', 'ListDefinition', 'Dataset', 'Wait', 'Rest', 'ProcessE
                 hdr: `Remove role`,
                 body: `
                     <div class="Prompt-bodyQuery">
-                        Confirm  the removal of the ${roleType}
+                        Confirm  the removal of the ${$filter('sanitize')(roleType)}
                             <span class="Prompt-emphasis"> ${roleName} </span>
-                        role associated with the ${teamName} team.
+                        role associated with the ${$filter('sanitize')(teamName)} team.
                     </div>
                 `,
                 action: action,
diff --git a/awx/ui/client/src/access/rbac-role-column/roleList.directive.js b/awx/ui/client/src/access/rbac-role-column/roleList.directive.js
index 10b589cf7c..ec3b79754d 100644
--- a/awx/ui/client/src/access/rbac-role-column/roleList.directive.js
+++ b/awx/ui/client/src/access/rbac-role-column/roleList.directive.js
@@ -75,7 +75,7 @@ export default
                         } else {
                             Prompt({
                                 hdr: `User access removal`,
-                                body: `<div class="Prompt-bodyQuery">Please confirm that you would like to remove <span class="Prompt-emphasis">${entry.name}</span> access from <span class="Prompt-emphasis">${user.username}</span>.</div>`,
+                                body: `<div class="Prompt-bodyQuery">Please confirm that you would like to remove <span class="Prompt-emphasis">${entry.name}</span> access from <span class="Prompt-emphasis">${$filter('sanitize')(user.username)}</span>.</div>`,
                                 action: action,
                                 actionText: 'REMOVE'
                             });