diff --git a/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js b/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js
index 686dc31ec5d40eca18636844d7db74705048440d..f750f2778f44c249385188d38233d6bd73cf2aee 100644
--- a/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js
+++ b/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js
@@ -17,6 +17,7 @@ export default function sendPollChatMsg({ body }, meetingId) {
responded += item.numVotes;
return item;
}).map((item) => {
+ item.key = item.key.replace('<br/>', '');
const numResponded = responded === numRespondents ? numRespondents : responded;
const pct = Math.round(item.numVotes / numResponded * 100);
const pctFotmatted = `${Number.isNaN(pct) ? 0 : pct}%`;
diff --git a/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx b/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx
index c16643d37e2a727bd1c81c42f95587baa27f3b64..3fb6641c5f1e6633afa18062ed1330cc9dea42ce 100644
--- a/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx
+++ b/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx
@@ -175,7 +175,16 @@ class MessageChatItem extends PureComponent {
if (!isDefaultPoll) {
const entries = _text.split('<br/>');
const options = [];
- entries.map((e) => { options.push([e.slice(0, e.indexOf(':'))]); return e; });
+ entries.map((e) => {
+ // Sanitize. See: https://gist.github.com/sagewall/47164de600df05fb0f6f44d48a09c0bd
+ const div = document.createElement('div');
+ div.appendChild(document.createTextNode(e));
+ _text = _text.replace(e, div.innerHTML);
+ e = div.innerHTML;
+
+ options.push([e.slice(0, e.indexOf(':'))]);
+ return e;
+ });
options.map((o, idx) => {
if (o[0] !== '') {
_text = formatBoldBlack(_text.replace(o, idx + 1));