Fixed: fine tuned the sanitization of user input by allowing "safe" content; thanks to Jacques for the suggestion. Fixes CVE-2019-10073