diff --git a/src/messaging.js b/src/messaging.js
index 9a53f327ce..932f388fe1 100644
--- a/src/messaging.js
+++ b/src/messaging.js
@@ -78,6 +78,9 @@ Messaging.parse = function (message, fromuid, uid, roomId, isNew, callback) {
 			return callback(err);
 		}
 
+		parsed = S(parsed).stripTags().decodeHTMLEntities().s;
+		parsed = validator.escape(String(parsed));
+
 		var messageData = {
 			message: message,
 			parsed: parsed,