diff --git a/src/main/resources/lessons/xxe/js/xxe.js b/src/main/resources/lessons/xxe/js/xxe.js
index 9c8ded38e0..8ee881af30 100644
--- a/src/main/resources/lessons/xxe/js/xxe.js
+++ b/src/main/resources/lessons/xxe/js/xxe.js
@@ -75,7 +75,7 @@ function getComments(field) {
 var comment = html.replace('USER', result[i].user);
 comment = comment.replace('DATETIME', result[i].dateTime);
 comment = comment.replace('COMMENT', result[i].text);
-$(field).append(comment);
+$(field).append(DOMPurify.sanitize(comment));
 }
 });
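Review bot: The new `$(field).append(DOMPurify.sanitize(comment))` depends on a global `DOMPurify` that nothing in this hunk brings into scope; if the library is not loaded before this script on every page that calls getComments, the line throws a ReferenceError and no comments render, so the include order should be confirmed or the reference guarded. The preceding `html.replace('USER', result[i].user)` lines pass the untrusted field as a string replacement, so `$&`- or `$'`-style sequences in user-controlled text are interpreted as replacement patterns; a replacer function such as `html.replace('USER', () => result[i].user)` inserts the value literally. Sanitizing the assembled fragment is a sound defense in depth, but since the three fields are data rather than markup, inserting them with jQuery `.text()` on the template nodes would keep them inert independently of DOMPurify's allow-list. getComments starts before this hunk and appears to end after it, as the visible `});` closes an inner callback rather than the function.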