diff --git a/dataRender/ellipsis.js b/dataRender/ellipsis.js index 117b834..110073f 100644 --- a/dataRender/ellipsis.js +++ b/dataRender/ellipsis.js @@ -9,7 +9,7 @@ * This function should be used with the `dt-init columns.render` configuration * option of DataTables. * - * It accepts two parameters: + * It accepts three parameters: * * 1. `-type integer` - The number of characters to restrict the displayed data * to. @@ -17,6 +17,8 @@ * of the string should not occur in the middle of a word (`true`) or if it * can (`false`). This can allow the display of strings to look nicer, at the * expense of showing less characters. + * 2. `-type boolean` (optional - default `false`) - Escape HTML entities + * (`true`) or not (`false` - default). * * @name ellipsis * @summary Restrict output data to a particular length, showing anything 
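Review bot: The added list entry in the header comment is numbered `2.`, the same as the `wordbreak` entry above it, so the parameter list now reads 1, 2, 2; it should start with `3.`. The entry also never names the parameter (`escapeHtml` in the signature further down the patch) and presents escaping as a neutral choice. Since the default is `false`, display output is returned unescaped unless the caller opts in, and DataTables writes display output into the cell as HTML, so I would add a sentence such as `Set this to true whenever the data does not come from a trusted source.` The comment block starts and ends outside this hunk.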
@@ -45,31 +47,43 @@ * } ); */ -jQuery.fn.dataTable.render.ellipsis = function ( cutoff, wordbreak ) { - return { - display: function ( d ) { - if ( wordbreak === undefined ) { - wordbreak = false; - } +jQuery.fn.dataTable.render.ellipsis = function ( cutoff, wordbreak, escapeHtml ) { + var esc = function ( t ) { + return t + .replace( /&/, '&' ) + .replace( //, '>' ) + .replace( /"/, '"' ); + }; - if ( typeof d !== 'number' && typeof d !== 'string' ) { - return d; - } + return function ( d, type, row ) { + // Order, search and type get the original data + if ( type !== 'display' ) { + return d; + } - var str = d.toString(); // cast numbers + if ( typeof d !== 'number' && typeof d !== 'string' ) { + return d; + } - if ( d.length < cutoff ) { - return d; - } + d = d.toString(); // cast numbers - str = d.substr(0, cutoff); + if ( d.length < cutoff ) { + return d; + } - if ( wordbreak ) { - // Find the last white space character in the string - str = str.replace(/\s([^\s]*)$/, ''); - } + var shortened = d.substr(0, cutoff-1); - return ''+str+'…'; + // Find the last white space character in the string + if ( wordbreak ) { + shortened = shortened.replace(/\s([^\s]*)$/, ''); } + + // Protect against uncontrolled HTML input + if ( escapeHtml ) { + shortened = esc( shortened ); + } + + return ''+shortened+'…'; }; -}; \ No newline at end of file +};
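Review bot: With `escapeHtml` set, markup can still reach the cell in two places, the `esc` helper and the early return on short strings. The patterns visible in `esc` (`/&/`, `/"/`) have no `g` flag, so `replace` rewrites only the first occurrence of each character; the middle of that chain is garbled in this rendering, so I am assuming the `<` and `>` patterns are written the same way. Each should be global, e.g. `.replace( /&/g, '&amp;' )`. The early return `if ( d.length < cutoff ) { return d; }` runs before the `escapeHtml` check, so any string shorter than the cutoff is returned unescaped; it should read `return escapeHtml ? esc( d ) : d;`. A regression test that renders a short value and a value containing two `<` characters with `escapeHtml` true would pin both cases.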