diff --git a/classes/incident.php b/classes/incident.php
index 4ced1db..0385754 100644
--- a/classes/incident.php
+++ b/classes/incident.php
@@ -83,8 +83,8 @@ class Incident implements JsonSerializable
 global $mysqli, $message;
 $user_id = $_SESSION['user'];
 $type = $_POST['type'];
- $title = $_POST['title'];
- $text = $_POST['text'];
+ $title = strip_tags($_POST['title']);
+ $text = strip_tags($_POST['text'], '
');
 if (strlen($title)==0)
 {
@@ -217,4 +217,4 @@ class Incident implements JsonSerializable
 "username" => $this->username
 ];
 }
-}
\ No newline at end of file
+}
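Review bot: strip_tags() on the new `$title` and `$text` lines is not a sufficient XSS control on its own: with an allow-list argument it leaves the attributes of permitted tags untouched, and it does not encode quotes or `&`, so the stored values can still be unsafe when rendered, particularly in attribute contexts. The allowed-tags string is broken across two lines on this page (the tag itself appears to have been lost in rendering), so I am assuming it permits a line-break tag. Prefer encoding at output time, e.g. `nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))`, and drop the allow-list so that no user-supplied markup is passed through. The code that renders these fields and the query that stores them are outside the hunk, as are the start and end of the enclosing method, so both paths should be checked before relying on this change.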