diff --git a/GUI/package.json b/GUI/package.json
index 6afd4f2e..390ab7bb 100644
--- a/GUI/package.json
+++ b/GUI/package.json
@@ -4,8 +4,8 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@buerokratt-ria/menu": "^0.2.10",
     "@buerokratt-ria/header": "^0.1.47",
+    "@buerokratt-ria/menu": "^0.2.10",
     "@buerokratt-ria/styles": "^0.0.1",
     "@buerokratt-ria/common-gui-components": "^0.0.38",
     "@fontsource/roboto": "^4.5.8",
@@ -48,15 +48,16 @@
     "recharts": "^2.10.4",
     "redux-persist": "^6.0.0",
     "redux-thunk": "^2.4.2",
+    "rich-textarea": "^0.26.4",
     "rxjs": "^7.8.0",
+    "sanitize-html": "^2.17.0",
     "sass": "^1.57.1",
     "sass-loader": "^13.2.0",
     "typescript": "^4.9.4",
-    "yup": "^1.0.0",
-    "zustand": "^4.4.0",
     "use-debounce": "^10.0.1",
     "usehooks-ts": "^2.9.1",
-    "rich-textarea": "^0.26.4"
+    "yup": "^1.0.0",
+    "zustand": "^4.4.0"
   },
   "scripts": {
     "start": "vite --port 3001",
@@ -79,6 +80,7 @@
     "@types/file-saver": "^2.0.5",
     "@types/howler": "^2.2.11",
     "@types/react-datepicker": "^4.8.0",
+    "@types/sanitize-html": "^2.16.0",
     "@types/wicg-file-system-access": "^2023.10.5",
     "@vitejs/plugin-react": "^3.0.0",
     "prettier": "^3.3.3",
diff --git a/GUI/src/components/ChatEvent/Markdownify.tsx b/GUI/src/components/ChatEvent/Markdownify.tsx
index d5d5932e..5b1553f4 100644
--- a/GUI/src/components/ChatEvent/Markdownify.tsx
+++ b/GUI/src/components/ChatEvent/Markdownify.tsx
@@ -1,5 +1,6 @@
 import React, { useState } from 'react';
 import Markdown from 'markdown-to-jsx';
+import sanitizeHtml from 'sanitize-html';
 
 interface MarkdownifyProps {
   message: string | undefined;
@@ -51,9 +52,11 @@ const LinkPreview: React.FC<{
 const hasSpecialFormat = (m: string) => m.includes('\n\n') && m.indexOf('.') > 0 && m.indexOf(':') > m.indexOf('.');
 
 function formatMessage(message?: string): string {
-  if (!message) return '';
+  const sanitizedMessage = sanitizeHtml(message ?? '');
 
-  const filteredMessage = message
+  if (!sanitizedMessage) return '';
+
+  const filteredMessage = sanitizedMessage
     .replaceAll(/\\?\$b\w*/g, '')
     .replaceAll(/\\?\$v\w*/g, '')
     .replaceAll(/\\?\$g\w*/g, '');
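Review bot: `sanitizeHtml(message ?? '')` runs with the library's default options, so the tag, attribute and URL-scheme allowlist applied to chat content is whatever the installed sanitize-html version ships rather than a policy readable in this file; pass explicit options, e.g. `sanitizeHtml(message ?? '', { allowedTags: [], allowedAttributes: {} })` if the intent is that only markdown and never inline HTML is rendered, or a deliberate allowlist otherwise. Note also that sanitize-html entity-encodes plain text, so `<`, `>` and `&` in an ordinary message (`a < b`, or a URL with `&`-joined query parameters) reach the `.replaceAll` chain and the markdown renderer as `&lt;`, `&gt;`, `&amp;`; whether markdown-to-jsx decodes those back is not visible here and deserves a test with such a message. Since `Markdown` from markdown-to-jsx is still imported, the sanitized string is presumably parsed as markdown afterwards, and anything that later parsing or the link-preview code produces is outside this sanitization step. formatMessage's body continues past the end of this hunk.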