diff --git a/src/index.js b/src/index.js
index 9892d218..206a1d67 100644
--- a/src/index.js
+++ b/src/index.js
@@ -210,6 +210,9 @@ function _renderToString(vnode, context, isSvgMode, selectValue, parent) {
 return rendered;
 }
+ // VNodes have {constructor:undefined} to prevent JSON injection:
+ if (vnode.constructor !== undefined) return '';
+
 vnode[PARENT] = parent;
 if (options[DIFF]) options[DIFF](vnode);
diff --git a/src/pretty.js b/src/pretty.js
index 4d85cbc7..de7e66d3 100644
--- a/src/pretty.js
+++ b/src/pretty.js
@@ -53,6 +53,9 @@ export function _renderToStringPretty(
 return rendered;
 }
+ // VNodes have {constructor:undefined} to prevent JSON injection:
+ if (vnode.constructor !== undefined) return '';
+
 let nodeName = vnode.type,
 props = vnode.props,
 isComponent = false;
diff --git a/test/jsx.test.js b/test/jsx.test.js
index 733ebaf4..e2969835 100644
--- a/test/jsx.test.js
+++ b/test/jsx.test.js
@@ -163,4 +163,8 @@ describe('jsx', () => {
 `);
 });
+
+ it('should prevent JSON injection', () => {
+ expect(renderJsx(
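Review bot: The guard `if (vnode.constructor !== undefined) return '';` silently drops the node, so an injected object (or a malformed vnode produced by a non-Preact createElement) disappears from the output with no diagnostic, and the comment above it does not say why `constructor` is a reliable discriminator. I would extend the comment to record the invariant the check depends on: `// JSON.parse() can never yield an own "constructor" property equal to undefined (JSON has no undefined), so any object with constructor === undefined is a real VNode; anything else is untrusted data and is dropped.` The guard is placed before `vnode[PARENT] = parent` and the `options[DIFF]` hook, so injected objects are neither mutated nor handed to the hook, which is the right order. The identical comment-and-check pair is duplicated in the src/pretty.js hunk below; a small shared helper (e.g. an `isVNode(vnode)` exported from src/index.js) would keep the two renderers from drifting if the invariant ever changes. `_renderToString` begins and ends outside this hunk, so earlier branches that may read `vnode` before this check are not visible here.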
{{ hello: 'world' }}
)).to.equal('
');
+ });
 });
diff --git a/test/pretty.test.js b/test/pretty.test.js
index 5c6b4410..9ddfecd1 100644
--- a/test/pretty.test.js
+++ b/test/pretty.test.js
@@ -222,4 +222,10 @@ describe('pretty', () => {
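Review bot: The new test exercises only a single plain object passed as a child, while the guard lives in the per-node renderer and is presumably also reached for array children and for objects nested inside a component's output; a second case along the lines of `expect(renderJsx(<div>{[{ hello: 'world' }]}</div>)).to.equal(<same expected markup>)` would pin the recursive path as well. The same single-case coverage applies to the pretty.test.js and render.test.js hunks below. The JSX element tags in this hunk appear to have been lost in extraction (the expected string reads as `''`), so the exact expected markup cannot be confirmed from the page.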

`);
 });
+
+ it('should prevent JSON injection', () => {
+ expect(prettyRender(
{{ hello: 'world' }}
)).to.equal(
+ '
'
+ );
+ });
 });
diff --git a/test/render.test.js b/test/render.test.js
index 3783569c..0ca58827 100644
--- a/test/render.test.js
+++ b/test/render.test.js
@@ -1260,4 +1260,8 @@ describe('render', () => {
 ''
 );
 });
+
+ it('should prevent JSON injection', () => {
+ expect(render(
{{ hello: 'world' }}
)).to.equal('
');
+ });
 });