diff --git a/js/privatebin.js b/js/privatebin.js
index 2926577..b9f25b9 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -405,9 +405,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {
me.urls2links = function(element)
{
element.html(
- element.html().replace(
- /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
- '$1'
+ DOMPurify.sanitize(
+ element.html().replace(
+ /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
+ '$1'
+ )
)
);
};