diff --git a/server/boot/user.js b/server/boot/user.js
index d1d7df35f3c..2276e8f01c4 100644
--- a/server/boot/user.js
+++ b/server/boot/user.js
@@ -21,6 +21,16 @@ function replaceScriptTags(value) {
 .replace(/<\/script>/gi, 'fcces');
 }
 
+function replaceFormAction(value) {
+ return value.replace(/]*>/, function(val) {
+ return val.replace(/action(\s*?)=/, 'fccfaa$1=');
+ });
+}
+
+function encodeFcc(value = '') {
+ return replaceScriptTags(replaceFormAction(value));
+}
+
 function calcCurrentStreak(cals) {
 const revCals = cals.concat([Date.now()]).slice().reverse();
 let streakBroken = false;
@@ -256,7 +266,7 @@ module.exports = function(app) {
 longestStreak: profileUser.longestStreak,
 currentStreak: profileUser.currentStreak,
- replaceScriptTags
+ encodeFcc
 });
 }
 );
diff --git a/server/views/account/show.jade b/server/views/account/show.jade
index ca08f895465..14132f22e55 100644
--- a/server/views/account/show.jade
+++ b/server/views/account/show.jade
@@ -154,9 +154,9 @@ block content
 td.col-xs-6.hidden-xs= bonfire.name
 td.col-xs-3.hidden-xs= moment(bonfire.completedDate, 'x').format("MMM DD, YYYY")
 td.col-xs-3.hidden-xs
- a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(replaceScriptTags(bonfire.solution)), target='_blank') View my solution
+ a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(encodeFcc(bonfire.solution)), target='_blank') View my solution
 td.col-xs-12.visible-xs
- a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(replaceScriptTags(bonfire.solution)), target='_blank')= bonfire.name
+ a(href='/challenges/' + bonfire.name + '?solution=' + encodeURIComponent(encodeFcc(bonfire.solution)), target='_blank')= bonfire.name
 if (waypoints.length > 0)
 .col-sm-12
 table.table.table-striped
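Review bot: `replaceFormAction` neutralizes at most one form tag and only a lower-case `action` attribute, because neither regex carries the `g` or `i` flags that `replaceScriptTags` uses on the context line at the top of the hunk, so a solution with two forms or an `ACTION=` attribute leaves the later or upper-case ones untouched. The outer pattern appears here as `/]*>/`, which looks like the page rendering dropped part of the expression, so I am reading it as a form-start-tag matcher rather than quoting it verbatim. Bringing both regexes in line with the sibling helper is a two-line change: `return value.replace(/<FORM-TAG-PATTERN>/gi, function(val) {` (with the intended pattern restored) and `return val.replace(/action(\s*?)=/gi, 'fccfaa$1=');`. Separately, `encodeFcc(value = '')` only substitutes for `undefined`; a `null` solution still reaches `value.replace` and throws, so `return replaceScriptTags(replaceFormAction(value || ''));` would make the helper safe for every value the templates can pass it.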
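Review bot: The bonfire rows call `encodeFcc(bonfire.solution)` unconditionally on both changed lines, whereas the challenge rows in the next hunk only build that link under `if (challenge.solution)`; `encodeFcc`'s default parameter covers `undefined`, but a `null` solution would reach `value.replace` and abort rendering of the whole account page. Wrapping the two bonfire links in the same `if (bonfire.solution)` guard, with an `else` fallback of `a(href='/challenges/' + bonfire.name)` as the challenge rows already do, keeps the template consistent and removes the render failure. Note also that `encodeURIComponent` already protects the href attribute itself; the `encodeFcc` rewriting only takes effect where the challenge page presumably reads `solution` back out of the query string, which is outside this commit and worth checking separately.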
@@ -171,12 +171,12 @@ block content
 td.col-xs-3.hidden-xs= moment(challenge.completedDate, 'x').format("MMM DD, YYYY")
 td.col-xs-3.hidden-xs
 if (challenge.solution)
- a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(replaceScriptTags(challenge.solution)), target='_blank') View my solution
+ a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(encodeFcc(challenge.solution)), target='_blank') View my solution
 else
 a(href='/challenges/' + challenge.name) View this challenge
 td.col-xs-12.visible-xs
 if (challenge.solution)
- a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(replaceScriptTags(challenge.solution)), target='_blank')= challenge.name
+ a(href='/challenges/' + challenge.name + '?solution=' + encodeURIComponent(encodeFcc(challenge.solution)), target='_blank')= challenge.name
 else
 a(href='/challenges/' + challenge.name)= challenge.name
 if (user && user.username === username)