diff --git a/src/util.js b/src/util.js
index 20c2f97..308952d 100644
--- a/src/util.js
+++ b/src/util.js
@@ -116,7 +116,7 @@ export const notify = html => new Promise((resolve, reject) => {
     return resolve();
   }
   // const cmd = `apprise '${cfg.notify}' ${title} -i html -b '${html}'`; // this had problems if e.g. ' was used in arg; could have `npm i shell-escape`, but instead using safer execFile which takes args as array instead of exec which spawned a shell to execute the command
-  const args = [cfg.notify, '-i', 'html', '-b', html];
+  const args = [cfg.notify, '-i', 'html', '-b', `'${html}'`];
   if (cfg.notify_title) args.push(...['-t', cfg.notify_title]);
   if (cfg.debug) console.debug(`apprise ${args.map(a => `'${a}'`).join(' ')}`); // this also doesn't escape, but it's just for info
   execFile('apprise', args, (error, stdout, stderr) => {