diff --git a/packages/server/package.json b/packages/server/package.json
index 97a95d43..013e6007 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -61,9 +61,9 @@
 "mysql": "^2.18.1",
 "pg": "^8.11.1",
 "reflect-metadata": "^0.1.13",
+"sanitize-html": "^2.11.0",
 "socket.io": "^4.6.1",
 "sqlite3": "^5.1.6",
-"strip-js": "^1.2.0",
 "typeorm": "^0.3.6",
 "uuid": "^9.0.1",
 "winston": "^3.9.0"
diff --git a/packages/server/src/utils/XSS.ts b/packages/server/src/utils/XSS.ts
index a69cde21..329c2ed2 100644
--- a/packages/server/src/utils/XSS.ts
+++ b/packages/server/src/utils/XSS.ts
@@ -1,10 +1,12 @@
 import { Request, Response, NextFunction } from 'express'
-let stripJs = require('strip-js')
+const sanitizeHtml = require('sanitize-html')
 
 export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void {
-req.url = stripJs(req.url)
+// decoding is necessary as the url is encoded by the browser
+const decodedURI = decodeURI(req.url)
+req.url = sanitizeHtml(decodedURI)
 for (let p in req.query) {
-req.query[p] = stripJs(req.query[p])
+req.query[p] = sanitizeHtml(req.query[p])
 }
 next()
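Review bot: The new `"sanitize-html": "^2.11.0"` dependency has no matching `@types/sanitize-html` entry in devDependencies, which is why the companion `XSS.ts` hunk in this commit falls back to an untyped `require('sanitize-html')` instead of a typed `import`; adding `"@types/sanitize-html"` to devDependencies keeps that call site under the compiler. The lockfile is not part of this diff — if the workspace keeps one, it should be regenerated in the same commit so the package resolves to a reviewed, pinned version rather than whatever the caret range picks at install time. Before settling on this dependency it is worth confirming it fits the consumer: sanitize-html is an HTML sanitizer, and as far as I can tell its default options also HTML-escape plain text, so applying it to a decoded URL and to query values (as `XSS.ts` does) would likely rewrite characters such as `&` in `req.url` to `&amp;` and change downstream routing — verify against the library's documented defaults. Separately, `decodeURI` in that hunk throws `URIError` on malformed percent-encoding and the middleware does not catch it, so the express error handler would answer such requests instead of the route.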