diff --git a/CHANGELOG b/CHANGELOG
index 18a9d317cc4b73c1c4a15afb5cdd53f4e211944f..750ee1016d82cae52dfe7d8b6a6ed1403827848e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,7 @@ v 8.3.0 (unreleased)
   - Use new style for wiki
   - Use new style for milestone detail page
   - Fix sidebar tooltips when collapsed
+  - Prevent possible XSS attack with award-emoji
 
 v 8.2.3
   - Fix application settings cache not expiring after changes (Stan Hu)
diff --git a/app/models/note.rb b/app/models/note.rb
index de9392adbf44e3e5dd5eb28b984f32939a23f7e1..8f0efa8d4b79eb5d9b12dc0538d33e2e11785e7e 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -350,7 +350,7 @@ class Note < ActiveRecord::Base
   end
 
   def editable?
-    !system?
+    !system? && !is_award
   end
 
   # Checks if note is an award added as a comment
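Review bot: The guard added to `editable?` only stops an existing award note from being edited afterwards; nothing visible in this hunk constrains what an award's `note` text may contain when it is created, or shows that the update path actually consults `editable?`. If the XSS named in the CHANGELOG comes from the award name being rendered unescaped, it would be worth also validating that text against the known emoji names when `is_award` is set, and escaping it where it is rendered. A short comment above the method would record the reason, e.g. `# Award notes are never editable: their text is an emoji name, not free-form content.` The `Note` class starts and ends outside the hunk, so callers of `editable?` could not be checked from here.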
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index cd3c868ecc57617647c447da37f5233df9930bf5..5b6f177ebb22759072b9888e594c69da17b8f047 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -142,4 +142,21 @@ describe Note, models: true do
       expect(Note.grouped_awards.first.last).to match_array(Note.all)
     end
   end
+
+  describe "editable?" do
+    it "returns true" do
+      note = build(:note)
+      expect(note.editable?).to be_truthy
+    end
+
+    it "returns false" do
+      note = build(:note, system: true)
+      expect(note.editable?).to be_falsy
+    end
+
+    it "returns false" do
+      note = build(:note, is_award: true, note: "smiley")
+      expect(note.editable?).to be_falsy
+    end
+  end
 end
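Review bot: Both negative examples are named `it "returns false"`, so a failure report does not say whether the system-note or the award-note case regressed. Rename them to `it "returns false for system notes"` and `it "returns false for award notes"`, and the first example to `it "returns true for a regular note"`. Because `!system? && !is_award` always yields a strict boolean, `expect(note.editable?).to be false` is a tighter assertion than `be_falsy`. The spec pins only the predicate; a request-level example confirming that an update to an award note is refused would cover the behaviour the security fix depends on.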