diff --git a/memoapp/Gemfile.lock b/memoapp/Gemfile.lock
index 4ed4084..4581f92 100644
--- a/memoapp/Gemfile.lock
+++ b/memoapp/Gemfile.lock
@@ -47,11 +47,15 @@ GEM
 loofah (2.22.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.12.0)
+ mini_portile2 (2.8.7)
 minitest (5.23.1)
 multi_json (1.15.0)
 mustermann (3.0.0)
 ruby2_keywords (~> 0.0.1)
 mutex_m (0.2.0)
+ nokogiri (1.16.7)
+ mini_portile2 (~> 2.8.2)
+ racc (~> 1.4)
 nokogiri (1.16.7-x86_64-linux)
 racc (~> 1.4)
 parallel (1.24.0)
@@ -89,6 +93,12 @@ GEM
 unicode-display_width (>= 2.4.0, < 3.0)
 rubocop-ast (1.31.3)
 parser (>= 3.3.1.0)
+ rubocop-fjord (0.3.0)
+ rubocop (>= 1.0)
+ rubocop-performance
+ rubocop-performance (1.21.1)
+ rubocop (>= 1.48.1, < 2.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (1.13.0)
 ruby2_keywords (0.0.5)
 sinatra (4.0.0)
@@ -117,6 +127,7 @@ PLATFORMS

 DEPENDENCIES
 erb_lint
+ rubocop-fjord
 sinatra
 sinatra-contrib
 webrick
diff --git a/memoapp/app.rb b/memoapp/app.rb
index 150b337..486f9ab 100644
--- a/memoapp/app.rb
+++ b/memoapp/app.rb
@@ -4,11 +4,26 @@ require 'sinatra'
 require 'sinatra/reloader'
 require 'json'
 require 'securerandom'
+require 'rack/protection'
+require 'rack/utils'
+
+use Rack::Protection
+
+helpers do
+ include Rack::Utils
+ alias_method :h, :escape_html
+end

 FILE_PATH = 'memos.json' # publicフォルダから移動

 def load_memos
- File.exist?(FILE_PATH) ? JSON.parse(File.read(FILE_PATH)) : {}
+ if File.exist?(FILE_PATH) && !File.zero?(FILE_PATH)
+ JSON.parse(File.read(FILE_PATH))
+ else
+ {}
+ end
+rescue JSON::ParserError
+ {}
 end

 def save_memos(memos)
@@ -33,7 +48,7 @@ end
 post '/memos' do
 memos = load_memos
 id = SecureRandom.uuid
- memos[id] = { 'title' => params[:title], 'content' => params[:content] }
+ memos[id] = { 'title' => h(params[:title]), 'content' => h(params[:content]) }
 save_memos(memos)
 redirect '/memos'
 end
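Review bot: In `load_memos`, the new `rescue JSON::ParserError` that returns `{}` turns a corrupted memos.json into an apparently empty store, and the next `save_memos` in any write route then overwrites the damaged file, so a parse failure silently becomes permanent data loss. At minimum record the failure before substituting the empty hash, e.g. `rescue JSON::ParserError => e` / `warn "#{FILE_PATH} is not valid JSON: #{e.message}"` / `{}`, or let the exception propagate so the request fails visibly instead of clobbering the file. Separately, `use Rack::Protection` with no session configured looks problematic: the bare middleware stack includes session-dependent checks (session hijacking, remote token) that as far as I know need a session middleware, and Sinatra already mounts Rack::Protection through its default `protection` setting, so this line is probably redundant; if it is kept, pass `except: %i[session_hijacking remote_token]` unless `enable :sessions` is also added. The `helpers` block and `load_memos` are complete within the hunk, while `save_memos` continues outside it.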
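Review bot: Applying `h` at write time in the `post '/memos'` handler (and identically in the `patch '/memos/:id'` hunk below) stores HTML entities in memos.json instead of the user's text, so a title like `A & B` is persisted as `A &amp; B`, is escaped again by any `<%= h ... %>` in the views and renders as `A &amp;amp; B`, and the JSON file no longer holds usable raw data for any consumer other than an HTML page. Output encoding belongs at the render site: keep `memos[id] = { 'title' => params[:title], 'content' => params[:content] }` here and call `h` in the ERB templates where the values are interpolated, which also makes the escaping visible exactly where the XSS risk is. Note too that Rack's `escape_html` stringifies its argument, so a missing form field is now stored as `""` rather than `null`, a subtle change in what the file records. If a view currently interpolates these values without escaping, that view is the place to fix, since input-side escaping will not protect data that reaches the file by any other path.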
@@ -53,7 +68,7 @@ end
 patch '/memos/:id' do
 memos = load_memos
 halt 404, erb(:not_found) unless memos[params[:id]]
- memos[params[:id]] = { 'title' => params[:title], 'content' => params[:content] }
+ memos[params[:id]] = { 'title' => h(params[:title]), 'content' => h(params[:content]) }
 save_memos(memos)
 redirect "/memos/#{params[:id]}"
 end