diff --git a/src/app/gui/modal/modal.component.html b/src/app/gui/modal/modal.component.html
index 79a91f6..7d921c0 100644
--- a/src/app/gui/modal/modal.component.html
+++ b/src/app/gui/modal/modal.component.html
@@ -1,8 +1,8 @@
-
-
-
+
+
+
diff --git a/src/app/gui/safe-html.pipe.ts b/src/app/gui/safe-html.pipe.ts
index 4dbf1c0..d5aa8c7 100644
--- a/src/app/gui/safe-html.pipe.ts
+++ b/src/app/gui/safe-html.pipe.ts
@@ -8,6 +8,14 @@ export class SafeHtmlPipe implements PipeTransform {
constructor(private sanitizer: DomSanitizer) {}
transform(value: any, args?: any): any {
+ // Allow html, disallow scripts, onclick, etc.
+ value = value.replace(/<\s*script\s*/gi, '');
+ // Remove if exists any javascript event
+ // eslint-disable-next-line max-len
+ value = value.replace(/onclick|onmouseover|onmouseout|onmousemove|onmouseenter|onmouseleave|onmouseup|onmousedown|onkeyup|onkeydown|onkeypress|onkeydown|onkeypress|onkeyup|onchange|onfocus|onblur|onload|onunload|onabort|onerror|onresize|onscroll/gi, '');
+ // Remove if exists any javascript:
+ value = value.replace(/javascript\s*\:/gi, '');
+
return this.sanitizer.bypassSecurityTrustHtml(value);
}
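Review bot: The denylist added in `transform` does not make `value` safe to pass to `bypassSecurityTrustHtml`, which turns off Angular's own HTML sanitization for the returned value. Each `replace` is a single pass over a fixed list, so input that re-forms a blocked token after a match is removed, event-handler attributes missing from the list, and other script-capable elements or URL schemes still get through, while ordinary text containing a word such as `onload` is silently altered. Use the framework's allowlist sanitizer instead of the regexes, `return this.sanitizer.sanitize(SecurityContext.HTML, value);`, or drop the pipe and bind to `[innerHTML]`, which sanitizes by default. `SecurityContext` comes from `@angular/core`; the import lines and the class header are outside this hunk, so the import would have to be added there. Because `value` is typed `any`, `value.replace` also throws on `null` or a non-string, which a guard such as `if (typeof value !== 'string') return '';` at the top of `transform` would cover.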