diff --git a/html.c b/html.c
index ef5e60b..c978bfb 100644
--- a/html.c
+++ b/html.c
@@ -549,26 +549,26 @@ d_char *html_top_controls(snac *snac, d_char *s)
 
         L("User setup..."),
         snac->actor,
-        L("User name"),
-        xs_dict_get(snac->config, "name"),
+        L("Display name"),
+        encode_html(xs_dict_get(snac->config, "name")),
         L("Avatar"),
         L("Bio"),
-        xs_dict_get(snac->config, "bio"),
+        encode_html(xs_dict_get(snac->config, "bio")),
         strcmp(cw, "open") == 0 ? "checked" : "",
         L("Always show sensitive content"),
         L("Email address for notifications"),
-        email,
+        encode_html(email),
         L("Telegram notifications (bot key and chat id)"),
-        telegram_bot,
-        telegram_chat_id,
+        encode_html(telegram_bot),
+        encode_html(telegram_chat_id),
         L("Maximum days to keep posts (0: server settings)"),
-        purge_days,
+        encode_html(purge_days),
         xs_type(d_dm_f_u) == XSTYPE_TRUE ? "checked" : "",
         L("Drop direct messages from people you don't follow"),
         xs_type(bot) == XSTYPE_TRUE ? "checked" : "",
         L("This account is a bot"),
-        L("Password (only to change it)"),
-        L("Repeat Password"),
+        L("New Password"),
+        L("Repeat New Password"),
         L("Update user info")
     );