diff --git a/templates/input-image.php b/templates/input-image.php
index 313e0e6aace231a355dfedcba1bcdcdad250b113..5111c4c2c5af3cc159eb7e44597f4b46a5a5bf22 100644
--- a/templates/input-image.php
+++ b/templates/input-image.php
@@ -13,15 +13,15 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() );
 			id="<?php echo \esc_attr( $field->get_id() ); ?>"/>
 	<div class="custom-img-container">
 		<?php if ( $value ) : ?>
-            <img src="<?php echo \esc_html( $value ) ?>" alt="" width="100"/>
+            <img src="<?php echo \esc_url( $value ) ?>" alt="" width="100"/>
 		<?php endif; ?>
     </div>
     <p class="hide-if-no-js">
-        <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_html( $value ) ?>">
-			<?php _e( 'Set image', 'wp-forms' ) ?>
+        <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_url( $value ) ?>">
+			<?php \esc_html_e( 'Set image', 'wp-forms' ) ?>
         </a>
         <a class="delete-custom-img <?php if ( ! $value ): ?>hidden<?php endif ?>" href="#">
-			<?php _e( 'Remove image', 'wp-forms' ) ?>
+			<?php \esc_html_e( 'Remove image', 'wp-forms' ) ?>
         </a>
     </p>
 </div>