diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
index 5598724cf6e2a6d3c3c440c5b248893628ed9310..cbb625753814f432fee18e2d05616203032a09c0 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
@@ -322,7 +322,7 @@ public class ParamsProcessorUtil {
             meetingName = "";
         }
 
-        meetingName = ParamsUtil.stripControlChars(meetingName);
+        meetingName = ParamsUtil.stripHTMLTags(ParamsUtil.stripControlChars(meetingName));
 
         String externalMeetingId = params.get(ApiParams.MEETING_ID);
 
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
index 2124dece0abfa7105d63cb770ade4d9eae781f10..d02927d1e0d037d88fdc327499eb1382387db98f 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
@@ -19,6 +19,10 @@ public class ParamsUtil {
   public static String stripControlChars(String text) {
     return text.replaceAll("\\p{Cc}", "");
   }
+  
+  public static String stripHTMLTags(String value) {
+    return value.replaceAll("\\<.*?>","");
+  }
 
   public static boolean isValidMeetingId(String meetingId) {
     //return  VALID_ID_PATTERN.matcher(meetingId).matches();
diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
index b13d5249578e07ea40b084fc3fe91a061ab294ed..2566ab051b736285b59e062776cd056d5ee43214 100755
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
@@ -30,6 +30,7 @@ import org.bigbluebutton.api.domain.Config
 import org.bigbluebutton.api.domain.GuestPolicy
 import org.bigbluebutton.api.domain.Meeting
 import org.bigbluebutton.api.domain.UserSession
+import org.bigbluebutton.api.util.ParamsUtil
 import org.bigbluebutton.api.util.ResponseBuilder
 import org.bigbluebutton.presentation.PresentationUrlDownloadService
 import org.bigbluebutton.presentation.UploadedPresentation
@@ -250,7 +251,7 @@ class ApiController {
     } else {
       errors.missingParamError("fullName");
     }
-    String fullName = params.fullName
+    String fullName = ParamsUtil.stripHTMLTags(params.fullName)
 
     // Do we have a meeting id? If none, complain.
     if (!StringUtils.isEmpty(params.meetingID)) {