diff --git a/dp_wizard/shiny/panels/results_panel/__init__.py b/dp_wizard/shiny/panels/results_panel/__init__.py
index d2669678..d31f8569 100644
--- a/dp_wizard/shiny/panels/results_panel/__init__.py
+++ b/dp_wizard/shiny/panels/results_panel/__init__.py
@@ -1,3 +1,4 @@
+import html
 import json
 import re
 from pathlib import Path
@@ -369,7 +370,11 @@ def notebook_py():
         return "raise Exception('qa_mode!')"
     return NotebookGenerator(
         analysis_plan(),
-        input.custom_download_note(),
+        # The custom download note is inserted as a comment,
+        # and jupytext copies it verbatim to a markdown cell,
+        # and nbconvert does not sanitize MD before converting to HTML.
+        # Sanitizing HTML would be more complicated, and potentially lossy.
+        html.escape(input.custom_download_note(), quote=False),
     ).make_py()
 
 @reactive.calc
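Review bot: The escaping is applied at this one call site rather than where NotebookGenerator actually writes the note into the comment/markdown cell, so any other construction of NotebookGenerator in the codebase would pass the note through unescaped; consider moving `html.escape(note, quote=False)` into the generator next to the code that emits the comment, and reducing this argument back to `input.custom_download_note(),`. The comment block also states that nbconvert does not sanitize markdown, which is a property of a dependency rather than of this code, so it would help to record the nbconvert version or a reference to where that was confirmed, e.g. `# (verified against nbconvert <version-placeholder>)`. `html.escape` only covers `<`, `>` and `&`; if the generator inserts the note as a `#` line comment, a newline in the note would still terminate the comment, so the generator should also handle line breaks (hedged, since NotebookGenerator is not visible here). The enclosing `notebook_py` starts outside the hunk.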