diff --git a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/FluentCMS.Web.Plugins.TextHTML.csproj b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/FluentCMS.Web.Plugins.TextHTML.csproj
index e1cfd29dc..9fc7a293d 100644
--- a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/FluentCMS.Web.Plugins.TextHTML.csproj
+++ b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/FluentCMS.Web.Plugins.TextHTML.csproj
@@ -27,4 +27,8 @@
     <None Include="..\..\..\icon.png" Pack="true" PackagePath="icon.png" />
     <None Include="README.md" Pack="true" PackagePath="README.md" />
   </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="HtmlSanitizer" Version="9.0.892" />
+  </ItemGroup>
 </Project>
diff --git a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor
index eb73b6e32..33f35c177 100644
--- a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor
+++ b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor
@@ -10,7 +10,7 @@
     else
     {
         <div class="f-html-content">
-            @((MarkupString)Item.Content)
+            @((MarkupString)_sanitizedContent)
         </div>
     }
 }
diff --git a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor.cs b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor.cs
index e1be86e55..a18041209 100644
--- a/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor.cs
+++ b/src/Frontend/Plugins/FluentCMS.Web.Plugins.TextHTML/TextHTMLViewPlugin.razor.cs
@@ -1,9 +1,14 @@
+using Ganss.Xss;
+
 namespace FluentCMS.Web.Plugins.TextHTML;
 
 public partial class TextHTMLViewPlugin
 {
     private const string CONTENT_TYPE_NAME = nameof(TextHTMLContent);
     private TextHTMLContent? Item { get; set; }
+    private static readonly HtmlSanitizer Sanitizer = new();
+
+    private string _sanitizedContent = string.Empty;
 
     private async Task UpdateContent(string content)
     {
@@ -11,6 +16,7 @@ private async Task UpdateContent(string content)
             return;
 
         Item.Content = content;
+        _sanitizedContent = Sanitizer.Sanitize(Item.Content);
         await ApiClient.PluginContent.UpdateAsync(CONTENT_TYPE_NAME, Plugin.Id, Item.Id, Item.ToDictionary());
     }
 
@@ -27,7 +33,10 @@ protected override async Task OnInitializedAsync()
             var response = await ApiClient.PluginContent.GetAllAsync(CONTENT_TYPE_NAME, Plugin.Id);
 
             if (response?.Data != null && response.Data.ToContentList<TextHTMLContent>().Count != 0)
+            {
                 Item = response.Data.ToContentList<TextHTMLContent>().FirstOrDefault() ?? default!;
+                _sanitizedContent = Item is not null ? Sanitizer.Sanitize(Item.Content) : string.Empty;
+            }
         }
     }
 }