diff --git a/htdocs/sql/libraries/sanitizing.lib.php b/htdocs/sql/libraries/sanitizing.lib.php
new file mode 100755
--- /dev/null
+++ b/htdocs/sql/libraries/sanitizing.lib.php
@@ -0,0 +1,70 @@
+ '<',
+ '>' => '>',
+ '[i]' => '', // deprecated by em
+ '[/i]' => '', // deprecated by em
+ '[em]' => '',
+ '[/em]' => '',
+ '[b]' => '', // deprecated by strong
+ '[/b]' => '', // deprecated by strong
+ '[strong]' => '',
+ '[/strong]' => '',
+ '[tt]' => '', // deprecated by CODE or KBD
+ '[/tt]' => '', // deprecated by CODE or KBD
+ '[code]' => '',
+ '[/code]' => '',
+ '[kbd]' => '',
+ '[/kbd]' => '',
+ '[br]' => '
',
+ '[/a]' => '',
+ '[sup]' => '',
+ '[/sup]' => '',
+ );
+ $message = strtr($message, $replace_pairs);
+
+ $pattern = '/\[a@([^"@]*)@([^]"]*)\]/';
+
+ if (preg_match_all($pattern, $message, $founds, PREG_SET_ORDER)) {
+ $valid_links = array(
+ 'http', // default http:// links (and https://)
+ './Do', // ./Documentation
+ );
+
+ foreach ($founds as $found) {
+ // only http... and ./Do... allowed
+ if (! in_array(substr($found[1], 0, 4), $valid_links)) {
+ return $message;
+ }
+ // a-z and _ allowed in target
+ if (! empty($found[2]) && preg_match('/[^a-z_]+/i', $found[2])) {
+ return $message;
+ }
+ }
+
+ $message = preg_replace($pattern, '', $message);
+ }
+
+ return $message;
+}
+?>
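Review bot: The link allow-list check `if (! in_array(substr($found[1], 0, 4), $valid_links))` is a loose four-byte prefix comparison, so it admits any target that merely begins with `http` or `./Do` rather than the `http://`, `https://` and `./Documentation` forms the comments name, and the non-strict `in_array` adds nothing here; a scheme-anchored test such as `if (! preg_match('#^(https?://|\./Documentation)#', $found[1]))` (or at minimum `in_array(substr($found[1], 0, 4), $valid_links, true)`) would state the intent directly. The `$replace_pairs` table escapes `<` and `>` but not `&` or `"`, which is acceptable only if `$message` is trusted, application-authored markup rather than user input, and that assumption belongs in a comment on the table. The function also returns the partly converted message silently when any single `[a@...@...]` link fails validation, leaving every link tag in the message unexpanded, which a docblock on the function should spell out. The function's signature and the head of `$replace_pairs` are not visible in this rendering, and the HTML replacement values (including the `preg_replace` replacement string) appear to have been stripped, so the actual tag mapping cannot be reviewed from this page.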