diff --git a/isso/tests/test_html.py b/isso/tests/test_html.py
index f7f497c..f92f30a 100644
--- a/isso/tests/test_html.py
+++ b/isso/tests/test_html.py
@@ -98,3 +98,13 @@ class TestHTML(unittest.TestCase):
         self.assertIn(renderer("http://example.org/ and sms:+1234567890"),
                       ['<p><a href="http://example.org/" rel="nofollow noopener">http://example.org/</a> and sms:+1234567890</p>',
                        '<p><a rel="nofollow noopener" href="http://example.org/">http://example.org/</a> and sms:+1234567890</p>'])
+
+    def test_code_blocks(self):
+        convert = html.Markdown(extensions=('fenced-code',))
+        examples = [
+            ("```\nThis is a code-fence. <hello>\n```", "<p><pre><code>This is a code-fence. &lt;hello&gt;\n</code></pre></p>"),
+            ("```c++\nThis is a code-fence. <hello>\n```", "<p><pre><code class=\"c++\">This is a code-fence. &lt;hello&gt;\n</code></pre></p>"),
+            ("    This is a four-character indent. <hello>", "<p><pre><code>This is a four-character indent. &lt;hello&gt;\n</code></pre></p>")]
+
+        for (input, expected) in examples:
+            self.assertEqual(convert(input), expected)
diff --git a/isso/utils/html.py b/isso/utils/html.py
index 1bbd8e6..a694562 100644
--- a/isso/utils/html.py
+++ b/isso/utils/html.py
@@ -1,6 +1,7 @@
 # -*- encoding: utf-8 -*-
 
 from __future__ import unicode_literals
+import html
 
 import bleach
 import misaka
@@ -74,8 +75,8 @@ class Unofficial(misaka.HtmlRenderer):
     """
 
     def blockcode(self, text, lang):
-        lang = ' class="{0}"'.format(lang) if lang else ''
-        return "<pre><code{1}>{0}</code></pre>\n".format(text, lang)
+        lang = ' class="{0}"'.format(html.escape(lang)) if lang else ''
+        return "<pre><code{1}>{0}</code></pre>\n".format(html.escape(text,False), lang)
 
 
 class Markup(object):