diff --git a/app/helpers/pagination.php b/app/helpers/pagination.php
index 601a124..d626de6 100644
--- a/app/helpers/pagination.php
+++ b/app/helpers/pagination.php
@@ -26,7 +26,7 @@
     $step_pages = 10;
 
     if ($browse_page > 1) {
-        echo '<span><a href="' . $url . '&p=1">first</a></span>';
+        echo '<span><a href="' . htmlspecialchars($url) . '&p=1">first</a></span>';
     } else {
         echo '<span>first</span>';
     }
@@ -47,20 +47,20 @@
             if ($i === $browse_page) {
                 // current page, no link
                 if ($browse_page > 1) {
-                    echo '<span><a href="' . $app_root . '?platform=' . $platform_id . '&page=' . $page . $param . '&p=' . ($browse_page -1) . '"><<</a></span>';
+                    echo '<span><a href="' . htmlspecialchars($app_root) . '?platform=' . htmlspecialchars($platform_id) . '&page=' . htmlspecialchars($page) . htmlspecialchars($param) . '&p=' . (htmlspecialchars($browse_page) -1) . '"><<</a></span>';
                 } else {
                     echo '<span><<</span>';
                 }
-                echo '[' . $i . ']';
+                echo '[' . htmlspecialchars($i) . ']';
 
                 if ($browse_page < $page_count) {
-                    echo '<span><a href="' . $app_root . '?platform=' . $platform_id . '&page=' . $page . $param . '&p=' . ($browse_page +1) . '">>></a></span>';
+                    echo '<span><a href="' . htmlspecialchars($app_root) . '?platform=' . htmlspecialchars($platform_id) . '&page=' . htmlspecialchars($page) . htmlspecialchars($param) . '&p=' . (htmlspecialchars($browse_page) +1) . '">>></a></span>';
                 } else {
                     echo '<span>>></span>';
                 }
             } else {
                 // other pages
-                echo '<span><a href="' . $app_root . '?platform=' . $platform_id . '&page=' . $page . $param . '&p=' . $i . '">[' . $i . ']</a></span>';
+                echo '<span><a href="' . htmlspecialchars($app_root) . '?platform=' . htmlspecialchars($platform_id) . '&page=' . htmlspecialchars($page) . htmlspecialchars($param) . '&p=' . htmlspecialchars($i) . '">[' . htmlspecialchars($i) . ']</a></span>';
             }
         // show ellipses between distant pages
         } elseif (
@@ -72,7 +72,7 @@
     }
 
     if ($browse_page < $page_count) {
-        echo '<span><a href="' . $app_root . '?platform=' . $platform_id . '&page=' . $page . $param . '&p=' . ($page_count) . '">last</a></span>';
+        echo '<span><a href="' . htmlspecialchars($app_root) . '?platform=' . htmlspecialchars($platform_id) . '&page=' . htmlspecialchars($page) . htmlspecialchars($param) . '&p=' . (htmlspecialchars($page_count)) . '">last</a></span>';
     } else {
         echo '<span>last</span>';
     }
diff --git a/app/helpers/sanitize.php b/app/helpers/sanitize.php
index 4ed6b19..be9bcf8 100644
--- a/app/helpers/sanitize.php
+++ b/app/helpers/sanitize.php
@@ -1,5 +1,6 @@
 <?php
-// sanitize all vars that may end up in URLs or forms
+
+// sanitize all input vars that may end up in URLs or forms
 
 $platform_id = htmlspecialchars($_REQUEST['platform']);
 if (isset($_REQUEST['page'])) {
@@ -12,12 +13,7 @@ if (isset($_REQUEST['item'])) {
 } else {
     $item = '';
 }
-if (isset($_SESSION['notice'])) {
-    $notice = htmlspecialchars($_SESSION['notice']); // 'notice' for all non-critical messages
-}
-if (isset($_SESSION['error'])) {
-    $error = htmlspecialchars($_SESSION['error']); // 'error' for errors
-}
+
 if (isset($_REQUEST['from_time'])) {
     $from_time = htmlspecialchars($_REQUEST['from_time']);
 }
@@ -25,5 +21,28 @@ if (isset($_REQUEST['until_time'])) {
     $until_time = htmlspecialchars($_REQUEST['until_time']);
 }
 
+if (isset($_SESSION['notice'])) {
+    $notice = htmlspecialchars($_SESSION['notice']); // 'notice' for all non-critical messages
+}
+if (isset($_SESSION['error'])) {
+    $error = htmlspecialchars($_SESSION['error']); // 'error' for errors
+}
+
+// agents
+if (isset($_POST['type'])) {
+    $type = htmlspecialchars($_POST['type']);
+}
+if (isset($_POST['url'])) {
+    $url = htmlspecialchars($_POST['url']);
+}
+if (isset($_POST['secret_key'])) {
+    $secret_key = htmlspecialchars($_POST['secret_key']);
+}
+
+// platforms
+if (isset($_POST['name'])) {
+    $name = htmlspecialchars($_POST['name']);
+}
+
 
 ?>
diff --git a/app/pages/config.php b/app/pages/config.php
index 1ef2604..90eea9a 100644
--- a/app/pages/config.php
+++ b/app/pages/config.php
@@ -17,12 +17,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 //    $content = file_get_contents($config_file);
 //    $updatedContent = $content;
 
-    // sanitize
-    $type = htmlspecialchars($_POST['type']);
-    $url = htmlspecialchars($_POST['url']);
-    $secret_key = htmlspecialchars($_POST['secret_key']);
-    $name = htmlspecialchars($_POST['name']);
-
     // new agent adding
     if (isset($_POST['new']) && isset($_POST['item']) && $_POST['new'] === 'true' && $_POST['item'] === 'agent') {
         $newAgent = [
diff --git a/app/templates/agent-list.php b/app/templates/agent-list.php
index bba0403..8cb9797 100644
--- a/app/templates/agent-list.php
+++ b/app/templates/agent-list.php
@@ -1,14 +1,14 @@
 
                 <!-- jilo agents -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Jilo Agents on platform <?= $platform_id ?> (<?= $platformDetails[0]['name'] ?>)</p>
+                    <p class="h4 card-header">Jilo Agents on platform <?= htmlspecialchars($platform_id) ?> (<?= htmlspecialchars($platformDetails[0]['name']) ?>)</p>
                     <div class="card-body">
 <?php foreach ($agentDetails as $agent) { ?>
                         <p class="card-text text-left" style="text-align: left;">
-                            agent id: <strong><?= $agent['id'] ?></strong>
-                            agent type: <?= $agent['agent_type_id'] ?> (<strong><?= $agent['agent_description'] ?></strong>)
+                            agent id: <strong><?= htmlspecialchars($agent['id']) ?></strong>
+                            agent type: <?= htmlspecialchars($agent['agent_type_id']) ?> (<strong><?= htmlspecialchars($agent['agent_description']) ?></strong>)
                             <br />
-                            endpoint: <strong><?= $agent['url'] ?><?= $agent['agent_endpoint'] ?></strong>
+                            endpoint: <strong><?= htmlspecialchars($agent['url']) ?><?= htmlspecialchars($agent['agent_endpoint']) ?></strong>
                             <br />
 <?php
     $payload = [
@@ -22,16 +22,16 @@
 //    print_r($_SESSION);
 ?>
 <?php if (isset($_SESSION["agent{$agent['id']}_cache"])) { ?>
-                            <button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
-                            <button id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
-                            <button id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
-                            <span id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
+                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
+                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
+                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
+                            <span id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
 <?php } else { ?>
-                            <button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
-                            <button style="display: none" disabled id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
-                            <button style="display: none" disabled id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
-                            <span style="display: none" id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
+                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
+                            <button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
+                            <button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
+                            <span style="display: none" id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
 <?php } ?>
                     </p>
-                        <pre class="results" id="result<?= $agent['id'] ?>">click a button to display data from the agent.</pre>
+                        <pre class="results" id="result<?= htmlspecialchars($agent['id']) ?>">click a button to display data from the agent.</pre>
 <?php } ?>
diff --git a/app/templates/block-message.php b/app/templates/block-message.php
index 50a3133..4cb5df0 100644
--- a/app/templates/block-message.php
+++ b/app/templates/block-message.php
@@ -1,7 +1,7 @@
 <?php if (isset($error)) { ?>
-        <div class="error"><?php echo $error; ?></div>
+        <div class="error"><?= htmlspecialchars($error) ?></div>
 <?php } ?>
 
 <?php if (isset($notice)) { ?>
-        <div class="notice"><?php echo $notice; ?></div>
+        <div class="notice"><?= htmlspecialchars($notice) ?></div>
 <?php } ?>
diff --git a/app/templates/block-results-filter.php b/app/templates/block-results-filter.php
index 5c984b5..18ea088 100644
--- a/app/templates/block-results-filter.php
+++ b/app/templates/block-results-filter.php
@@ -1,15 +1,15 @@
 
                     <!-- Results filter -->
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
-                        <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
+                        <form method="POST" id="filter_form" action="?platform=<?= htmlspecialchars($platform_id) ?>&page=<?= htmlspecialchars($page) ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . htmlspecialchars($from_time) . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
-                            <input type="text" name="id" placeholder="ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
-                            <input type="text" name="name" placeholder="name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . htmlspecialchars($until_time) . "\"" ?> />
+                            <input type="text" name="id" placeholder="ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . htmlspecialchars($_REQUEST['id']) . "\"" ?> />
+                            <input type="text" name="name" placeholder="name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . htmlspecialchars($_REQUEST['name']) . "\"" ?> />
 <?php if ($page == 'participants') { ?>
-                            <input type="text" name="ip" placeholder="ip address"<?php if (isset($_REQUEST['ip'])) echo " value=\"" . $_REQUEST['ip'] . "\"" ?> maxlength="15" size="15" />
+                            <input type="text" name="ip" placeholder="ip address"<?php if (isset($_REQUEST['ip'])) echo " value=\"" . htmlspecialchars($_REQUEST['ip']) . "\"" ?> maxlength="15" size="15" />
 <?php } ?>
                             <input type="button" onclick="clearFilter()" value="clear" />
                             <input type="submit" value="search" />
diff --git a/app/templates/config-add-agent.php b/app/templates/config-add-agent.php
index c93e732..15f0bd1 100644
--- a/app/templates/config-add-agent.php
+++ b/app/templates/config-add-agent.php
@@ -1,10 +1,10 @@
 
                 <!-- widget "agents" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= $platformDetails[0]['name'] ?></strong>"</p>
+                    <p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong>"</p>
                     <div class="card-body">
                         <!--p class="card-text">add new agent:</p-->
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
@@ -15,8 +15,8 @@
                                     <select class="form-control" type="text" name="type" id="agent_type_id" required>
                                         <option></option>
 <?php foreach ($jilo_agent_types as $agent_type) { ?>
-                                        <option value="<?= $agent_type['id']?>">
-                                            <?= $agent_type['description'] ?>
+                                        <option value="<?= htmlspecialchars($agent_type['id']) ?>">
+                                            <?= htmlspecialchars($agent_type['description']) ?>
                                         </option>
 <?php } ?>
                                     </select>
@@ -50,7 +50,7 @@
                             <input type="hidden" name="item" value="agent" />
 
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-add-platform.php b/app/templates/config-add-platform.php
index b5c0666..3f1eb8f 100644
--- a/app/templates/config-add-platform.php
+++ b/app/templates/config-add-platform.php
@@ -4,7 +4,7 @@
                     <p class="h4 card-header">Add new Jitsi platform</p>
                     <div class="card-body">
                         <!--p class="card-text">add new platform:</p-->
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
@@ -42,7 +42,7 @@
                             <input type="hidden" name="new" value="true" />
 
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-delete-agent.php b/app/templates/config-delete-agent.php
index ad53cca..fd2381d 100644
--- a/app/templates/config-delete-agent.php
+++ b/app/templates/config-delete-agent.php
@@ -1,30 +1,30 @@
 
                 <!-- widget "agents" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
+                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">delete an agent:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 <?php
 foreach ($agentDetails[0] as $key => $value) {
 //    if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= $key ?>" class="form-label"><?= $key ?>:</label>
+                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
                                 </div>
                                 <div class="col-md-8">
-                                    <div class="text-start"><?= $value ?? '')?></div>
-                                    <input type="hidden" name="<?= $key ?>" value="<?= $value ?? '' ?>" />
+                                    <div class="text-start"><?= htmlspecialchars($value ?? '') ?></div>
+                                    <input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '') ?>" />
                                 </div>
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
+                            <input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
                             <input type="hidden" name="delete" value="true" />
                             <p class="h5 text-danger">Are you sure you want to delete this agent?</p>
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
                             <input type="submit" class="btn btn-danger" value="Delete" />
                         </form>
                     </div>
diff --git a/app/templates/config-delete-platform.php b/app/templates/config-delete-platform.php
index d115e7d..a00de9b 100644
--- a/app/templates/config-delete-platform.php
+++ b/app/templates/config-delete-platform.php
@@ -1,30 +1,30 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
+                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">delete a platform:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 <?php
 foreach ($platformDetails[0] as $key => $value) {
     if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= $key ?>:</label>
+                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
                                 </div>
                                 <div class="col-md-8">
-                                    <div class="text-start"><?= $value ?? '' ?></div>
+                                    <div class="text-start"><?= htmlspecialchars($value) ?? '' ?></div>
                                     <input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" />
                                 </div>
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="platform" value="<?= $platform_id ?>" />
+                            <input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
                             <input type="hidden" name="delete" value="true" />
                             <p class="h5 text-danger">Are you sure you want to delete this platform?</p>
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
                             <input type="submit" class="btn btn-danger" value="Delete" />
                         </form>
                     </div>
diff --git a/app/templates/config-edit-agent.php b/app/templates/config-edit-agent.php
index 0f50e8e..fe32be5 100644
--- a/app/templates/config-edit-agent.php
+++ b/app/templates/config-edit-agent.php
@@ -1,10 +1,10 @@
 
                 <!-- agents -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
+                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">edit the agent details:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
@@ -15,8 +15,8 @@
                                     <select class="form-control" type="text" name="type" id="agent_type_id" required>
                                         <option></option>
 <?php foreach ($jilo_agent_types as $agent_type) { ?>
-                                        <option value="<?= $agent_type['id']?>" <?php if ($agentDetails[0]['agent_type_id'] === $agent_type['id']) echo 'selected'; ?>>
-                                            <?= $agent_type['description'] ?>
+                                        <option value="<?= htmlspecialchars($agent_type['id']) ?>" <?php if ($agentDetails[0]['agent_type_id'] === $agent_type['id']) echo 'selected'; ?>>
+                                            <?= htmlspecialchars($agent_type['description']) ?>
                                         </option>
 <?php } ?>
                                     </select>
@@ -30,7 +30,7 @@
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
-                                    <input class="form-control" type="text" name="url" value="<?= $agentDetails[0]['url'] ?>" required />
+                                    <input class="form-control" type="text" name="url" value="<?= htmlspecialchars($agentDetails[0]['url']) ?>" required />
                                     <p class="text-start"><small>URL of the Jilo Agent API (https://example.com:8081)</small></p>
                                 </div>
                             </div>
@@ -41,15 +41,15 @@
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
-                                    <input class="form-control" type="text" name="secret_key" value="<?= $agentDetails[0]['secret_key'] ?>" required />
+                                    <input class="form-control" type="text" name="secret_key" value="<?= htmlspecialchars($agentDetails[0]['secret_key']) ?>" required />
                                     <p class="text-start"><small>secret key for generating the access JWT token</small></p>
                                 </div>
                             </div>
 
 
                             <br />
-                            <input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
+                            <input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-edit-platform.php b/app/templates/config-edit-platform.php
index 98af5f8..68cd81a 100644
--- a/app/templates/config-edit-platform.php
+++ b/app/templates/config-edit-platform.php
@@ -1,21 +1,21 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
+                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">edit the platform details:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
 <?php
 foreach ($platformDetails[0] as $key => $value) {
     if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= $key ?></label>
+                                    <label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= htmlspecialchars($key) ?></label>
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
-                                    <input class="form-control" type="text" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" required autofocus />
+                                    <input class="form-control" type="text" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '') ?>" required autofocus />
 <?php if ($key === 'name') { ?>
                                     <p class="text-start"><small>descriptive name for the platform</small></p>
 <?php } elseif ($key === 'jitsi_url') { ?>
@@ -27,8 +27,8 @@ foreach ($platformDetails[0] as $key => $value) {
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="platform" value="<?= $platform_id ?>" />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
+                            <input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
+                            <a class="btn btn-secondary" href="<?= htmlspecialchars($app_root) ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-list-configjs.php b/app/templates/config-list-configjs.php
index f4bd96f..9fbce06 100644
--- a/app/templates/config-list-configjs.php
+++ b/app/templates/config-list-configjs.php
@@ -1,20 +1,20 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
+                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
                     <div class="card-body">
                         <p class="card-text">
-                            <span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
+                            <span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
                             <span class="m-3">FILE: config.js</span>
 <?php if ($mode === 'raw') { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs">view only active lines</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs">view only active lines</a></span>
 <?php } else { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
 <?php } ?>
                         </p>
 <pre class="results">
 <?php
-echo $platformConfigjs;
+echo htmlspecialchars($platformConfigjs);
 ?>
 </pre>
                     </div>
diff --git a/app/templates/config-list-interfaceconfigjs.php b/app/templates/config-list-interfaceconfigjs.php
index cf6a4f7..abfb015 100644
--- a/app/templates/config-list-interfaceconfigjs.php
+++ b/app/templates/config-list-interfaceconfigjs.php
@@ -1,20 +1,20 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
+                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
                     <div class="card-body">
                         <p class="card-text">
-                            <span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
+                            <span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
                             <span class="m-3">FILE: interface_config.js</span>
 <?php if ($mode === 'raw') { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
 <?php } else { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
 <?php } ?>
                         </p>
 <pre class="results">
 <?php
-echo $platformInterfaceConfigjs;
+echo htmlspecialchars($platformInterfaceConfigjs);
 ?>
 </pre>
                     </div>
diff --git a/app/templates/config-list.php b/app/templates/config-list.php
index eb18c78..3f90551 100644
--- a/app/templates/config-list.php
+++ b/app/templates/config-list.php
@@ -11,33 +11,33 @@ echo "\n";
 ?>
 
 <hr />
-                        <p class="card-text">platforms configuration &nbsp;<a class="btn btn-secondary" style="padding: 0px;" href="<?= $app_root ?>?page=config&item=platform&action=add">add new</a></p>
+                        <p class="card-text">platforms configuration &nbsp;<a class="btn btn-secondary" style="padding: 0px;" href="<?= htmlspecialchars($app_root) ?>?page=config&item=platform&action=add">add new</a></p>
 
 <?php foreach ($platformsAll as $platform_array) {
     $agents = $agentObject->getAgentDetails($platform_array['id']);
 ?>
 
-                        <a name="platform<?= $platform_array['id'] ?>"></a>
+                        <a name="platform<?= htmlspecialchars($platform_array['id']) ?>"></a>
                         <div class="row mb-3" style="padding-left: 0px;">
                             <div class="border bg-light" style="padding-left: 50px; padding-bottom: 0px; padding-top: 0px;">
-                                <a style="text-decoration: none;" data-toggle="collapse" href="#collapsePlatform<?= $platform_array['id'] ?>" role="button" aria-expanded="true" aria-controls="collapsePlatform<?= $platform_array['id'] ?>">
-                                    <div class="border bg-white text-start mb-3 rounded mt-3" data-toggle="tooltip" data-placement="bottom" title="configuration for platform <?= $platform_array['id'] ?>">
+                                <a style="text-decoration: none;" data-toggle="collapse" href="#collapsePlatform<?= htmlspecialchars($platform_array['id']) ?>" role="button" aria-expanded="true" aria-controls="collapsePlatform<?= htmlspecialchars($platform_array['id']) ?>">
+                                    <div class="border bg-white text-start mb-3 rounded mt-3" data-toggle="tooltip" data-placement="bottom" title="configuration for platform <?= htmlspecialchars($platform_array['id']) ?>">
                                         <i class="fas fa-wrench"></i>
-                                        <small>platform <?= $platform_array['id'] ?> (<?= $platform_array['name'] ?>)</small>
+                                        <small>platform <?= htmlspecialchars($platform_array['id']) ?> (<?= htmlspecialchars($platform_array['name']) ?>)</small>
                                     </div>
                                 </a>
-                                <div class="collapse show" id="collapsePlatform<?= $platform_array['id'] ?>">
+                                <div class="collapse show" id="collapsePlatform<?= htmlspecialchars($platform_array['id']) ?>">
 
                                     <div class="row mb-1" style="padding-left: 0px;">
                                         <div class="col-md-8 text-start">
 
                                             <div class="row mb-1">
                                                 <div class="col-md-8 text-start">
-                                                    <a class="btn btn-secondary" style="padding: 2px;" href="<?= $app_root ?>?page=config&platform=<?= htmlspecialchars($platform_array['id']) ?>&action=edit">edit platform</a>
+                                                    <a class="btn btn-secondary" style="padding: 2px;" href="<?= htmlspecialchars($app_root) ?>?page=config&platform=<?= htmlspecialchars($platform_array['id']) ?>&action=edit">edit platform</a>
 <?php if (count($platformsAll) <= 1) { ?>
                                                     <span class="btn btn-light" style="padding: 2px;" href="#" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="can't delete the last platform">delete platform</span>
 <?php } else { ?>
-                                                    <a class="btn btn-danger" style="padding: 2px;" href="<?= $app_root ?>?page=config&platform=<?= htmlspecialchars($platform_array['id'])?>&action=delete">delete platform</a>
+                                                    <a class="btn btn-danger" style="padding: 2px;" href="<?= htmlspecialchars($app_root) ?>?page=config&platform=<?= htmlspecialchars($platform_array['id']) ?>&action=delete">delete platform</a>
 <?php } ?>
                                                 </div>
                                             </div>
@@ -49,36 +49,36 @@ echo "\n";
 ?>
                                             <div class="row mb-1" style="padding-left: 100px;">
                                                 <div class="col-md-4 text-end">
-                                                    <?= $key ?>:
+                                                    <?= htmlspecialchars($key) ?>:
                                                 </div>
                                                 <div class="border col-md-8 text-start">
-                                                    <?= $value ?>
+                                                    <?= htmlspecialchars($value) ?>
                                                 </div>
                                             </div>
 <?php } ?>
 
                                         </div>
                                         <hr />
-                                        <p class="card-text">jilo agents on platform <?= $platform_array['id'] ?> (<?= $platform_array['name'] ?>)
+                                        <p class="card-text">jilo agents on platform <?= htmlspecialchars($platform_array['id']) ?> (<?= htmlspecialchars($platform_array['name']) ?>)
                                             <br />
-                                            total <?= count($agents) ?> <?= count($agents) === 1 ? 'jilo agent' : 'jilo agents' ?>&nbsp;
-                                            <a class="btn btn-secondary" style="padding: 0px;" href="<?= $app_root ?>?page=config&platform=<?= $platform_array['id'] ?>&action=add-agent">
+                                            total <?= htmlspecialchars(count($agents)) ?> <?= htmlspecialchars(count($agents)) === 1 ? 'jilo agent' : 'jilo agents' ?>&nbsp;
+                                            <a class="btn btn-secondary" style="padding: 0px;" href="<?= htmlspecialchars($app_root) ?>?page=config&platform=<?= htmlspecialchars($platform_array['id']) ?>&action=add-agent">
                                                 add new
                                             </a>
                                         </p>
 
 <?php foreach ($agents as $agent_array) { ?>
 
-                                        <a name="platform<?= $platform_array['id'] ?>agent<?= $agent_array['id'] ?>"></a>
+                                        <a name="platform<?= htmlspecialchars($platform_array['id']) ?>agent<?= htmlspecialchars($agent_array['id']) ?>"></a>
                                         <div class="row mb-3" style="padding-left: 0px;">
                                             <div class="border rounded bg-light" style="padding-left: 50px; padding-bottom: 20px; padding-top: 20px;">
                                                 <div class="row mb-1" style="padding-left: 0px;">
                                                     <div class="col-md-4 text-end">
-                                                        agent id <?= $agent_array['id'] ?>:
+                                                        agent id <?= htmlspecialchars($agent_array['id']) ?>:
                                                     </div>
                                                     <div class="col-md-8 text-start">
-                                                        <a class="btn btn-secondary" style="padding: 2px;" href="<?= $app_root ?>?page=config&platform=<?= htmlspecialchars($agent_array['platform_id']) ?>&agent=<?= htmlspecialchars($agent_array['id']) ?>&action=edit">edit agent</a>
-                                                        <a class="btn btn-danger" style="padding: 2px;" href="<?= $app_root ?>?page=config&platform=<?= htmlspecialchars($agent_array['platform_id'])?>&agent=<?= htmlspecialchars($agent_array['id']) ?>&action=delete">delete agent</a>
+                                                        <a class="btn btn-secondary" style="padding: 2px;" href="<?= htmlspecialchars($app_root) ?>?page=config&platform=<?= htmlspecialchars($agent_array['platform_id']) ?>&agent=<?= htmlspecialchars($agent_array['id']) ?>&action=edit">edit agent</a>
+                                                        <a class="btn btn-danger" style="padding: 2px;" href="<?= htmlspecialchars($app_root) ?>?page=config&platform=<?= htmlspecialchars($agent_array['platform_id']) ?>&agent=<?= htmlspecialchars($agent_array['id']) ?>&action=delete">delete agent</a>
                                                     </div>
                                                     <div style="padding-left: 100px; padding-bottom: 20px;">
                                                         <div class="row mb-1" style="padding-left: 100px;">
@@ -86,7 +86,7 @@ echo "\n";
                                                                 agent type:
                                                             </div>
                                                             <div class="border col-md-8 text-start">
-                                                                <?= $agent_array['agent_description'] ?>
+                                                                <?= htmlspecialchars($agent_array['agent_description']) ?>
                                                             </div>
                                                         </div>
                                                         <div class="row mb-1" style="padding-left: 100px;">
@@ -94,7 +94,7 @@ echo "\n";
                                                                 endpoint:
                                                             </div>
                                                             <div class="border col-md-8 text-start">
-                                                                <?= $agent_array['url'].$agent_array['agent_endpoint'] ?>
+                                                                <?= htmlspecialchars($agent_array['url'].$agent_array['agent_endpoint']) ?>
                                                             </div>
                                                         </div>
                                                     </div>
diff --git a/app/templates/error-notfound.php b/app/templates/error-notfound.php
index a33ff0b..67bb144 100644
--- a/app/templates/error-notfound.php
+++ b/app/templates/error-notfound.php
@@ -2,7 +2,7 @@
 <div class="text-center">
     <div class="mt-3 h5">The page is not found.</div>
     <div>
-        <small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
+        <small>go to <a href="<?= htmlspecialchars($app_root) ?>">front page</a> or to <a href="<?= htmlspecialchars($app_root) ?>?page=profile">your profile</a></small>
     </div>
 </div>
 
diff --git a/app/templates/error-unauthorized.php b/app/templates/error-unauthorized.php
index 699e7ee..9a81106 100644
--- a/app/templates/error-unauthorized.php
+++ b/app/templates/error-unauthorized.php
@@ -2,7 +2,7 @@
 <div class="text-center">
     <div class="mt-3 h5">You have no access to this page.</div>
     <div>
-        <small>go to <a href="<?= $app_root ?>">front page</a> or to <a href="<?= $app_root ?>?page=profile">your profile</a></small>
+        <small>go to <a href="<?= htmlspecialchars($app_root) ?>">front page</a> or to <a href="<?= htmlspecialchars($app_root) ?>?page=profile">your profile</a></small>
     </div>
 </div>
 
diff --git a/app/templates/event-list-components.php b/app/templates/event-list-components.php
index 51d3aa1..36c88a9 100644
--- a/app/templates/event-list-components.php
+++ b/app/templates/event-list-components.php
@@ -4,14 +4,14 @@
 
                     <!-- Results filter -->
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
-                        <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
+                        <form method="POST" id="filter_form" action="?platform=<?= htmlspecialchars($platform_id) ?>&page=<?= htmlspecialchars($page) ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . htmlspecialchars($from_time) . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
-                            <input type="text" name="id" placeholder="component ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
-                            <input type="text" name="name" placeholder="component name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
-                            <input type="text" name="event" placeholder="event name"<?php if (isset($_REQUEST['event'])) echo " value=\"" . $_REQUEST['event'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . htmlspecialchars($until_time) . "\"" ?> />
+                            <input type="text" name="id" placeholder="component ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . htmlspecialchars($_REQUEST['id']) . "\"" ?> />
+                            <input type="text" name="name" placeholder="component name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . htmlspecialchars($_REQUEST['name']) . "\"" ?> />
+                            <input type="text" name="event" placeholder="event name"<?php if (isset($_REQUEST['event'])) echo " value=\"" . htmlspecialchars($_REQUEST['event']) . "\"" ?> />
                             <input type="button" onclick="clearFilter()" value="clear" />
                             <input type="submit" value="search" />
                         </form>
@@ -31,10 +31,10 @@
 
                 </div>
 
-                <!-- widget "<?= $widget['name']; ?>" -->
-                <div class="collapse show" id="collapse<?= $widget['name'] ?>">
+                <!-- widget "<?= htmlspecialchars($widget['name']) ?>" -->
+                <div class="collapse show" id="collapse<?= htmlspecialchars($widget['name']) ?>">
 <?php if ($time_range_specified) { ?>
-                    <p class="m-3">time period: <strong><?= $from_time ?> - <?= $until_time ?></strong></p>
+                    <p class="m-3">time period: <strong><?= htmlspecialchars($from_time) ?> - <?= htmlspecialchars($until_time) ?></strong></p>
 <?php } ?>
                     <div class="mb-5">
 <?php if ($widget['full'] === true) { ?>
@@ -42,7 +42,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= $header ?></th>
+                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -51,11 +51,11 @@
                                 <tr>
 <?php        foreach ($row as $key => $column) { ?>
 <?php               if ($key === 'component ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'component') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } else { ?>
-                                    <td><?= $column ?? '' ?></td>
+                                    <td><?= htmlspecialchars($column ?? '') ?></td>
 <?php               }
                 } ?>
                                 </tr>
@@ -73,4 +73,4 @@ if ($widget['pagination'] && $item_count > $items_per_page) {
 <?php } ?>
                     </div>
                 </div>
-                <!-- /widget "<?= $widget['name']; ?>" -->
+                <!-- /widget "<?= htmlspecialchars($widget['name']) ?>" -->
diff --git a/app/templates/event-list-conferences.php b/app/templates/event-list-conferences.php
index f3aa04b..6dbb67a 100644
--- a/app/templates/event-list-conferences.php
+++ b/app/templates/event-list-conferences.php
@@ -4,13 +4,13 @@
 
                     <!-- Results filter -->
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
-                        <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
+                        <form method="POST" id="filter_form" action="?platform=<?= htmlspecialchars($platform_id) ?>&page=<?= htmlspecialchars($page) ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . htmlspecialchars($from_time) . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
-                            <input type="text" name="id" placeholder="conference ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
-                            <input type="text" name="name" placeholder="conference name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . htmlspecialchars($until_time) . "\"" ?> />
+                            <input type="text" name="id" placeholder="conference ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . htmlspecialchars($_REQUEST['id']) . "\"" ?> />
+                            <input type="text" name="name" placeholder="conference name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . htmlspecialchars($_REQUEST['name']) . "\"" ?> />
                             <input type="button" onclick="clearFilter()" value="clear" />
                             <input type="submit" value="search" />
                         </form>
@@ -30,10 +30,10 @@
 
                 </div>
 
-                <!-- widget "<?= $widget['name']; ?>" -->
-                <div class="collapse show" id="collapse<?= $widget['name'] ?>">
+                <!-- widget "<?= htmlspecialchars($widget['name']) ?>" -->
+                <div class="collapse show" id="collapse<?= htmlspecialchars($widget['name']) ?>">
 <?php if ($time_range_specified) { ?>
-                    <p class="m-3">time period: <strong><?= $from_time ?> - <?= $until_time ?></strong></p>
+                    <p class="m-3">time period: <strong><?= htmlspecialchars($from_time) ?> - <?= htmlspecialchars($until_time) ?></strong></p>
 <?php } ?>
                     <div class="mb-5">
 <?php if ($widget['full'] === true) { ?>
@@ -41,7 +41,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= $header ?></th>
+                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -55,21 +55,21 @@
 
             foreach ($row as $key => $column) {
                     if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($key === 'conference ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($key === 'conference name') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'participant ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($stats_id && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($participant_ip && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } else { ?>
-                                    <td><?= $column ?? '' ?></td>
+                                    <td><?= htmlspecialchars($column ?? '') ?></td>
 <?php               }
             } ?>
                                 </tr>
@@ -87,4 +87,4 @@ if ($widget['pagination'] && $item_count > $items_per_page) {
 <?php } ?>
                     </div>
                 </div>
-                <!-- /widget "<?= $widget['name']; ?>" -->
+                <!-- /widget "<?= htmlspecialchars($widget['name']) ?>" -->
diff --git a/app/templates/form-login.php b/app/templates/form-login.php
index 650fcde..c9d9be8 100644
--- a/app/templates/form-login.php
+++ b/app/templates/form-login.php
@@ -3,7 +3,7 @@
             <h2 class="card-header">Login</h2>
             <div class="card-body">
                 <p class="card-text"><strong>Welcome to JILO!</strong><br />Please enter login credentials:</p>
-                <form method="POST" action="<?= $app_root ?>?page=login">
+                <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=login">
                     <input type="text" name="username" placeholder="Username" required autofocus />
                     <br />
                     <input type="password" name="password" placeholder="Password" required />
diff --git a/app/templates/form-register.php b/app/templates/form-register.php
index f95a36d..84d83b2 100644
--- a/app/templates/form-register.php
+++ b/app/templates/form-register.php
@@ -3,7 +3,7 @@
             <h2 class="card-header">Register</h2>
             <div class="card-body">
                 <p class="card-text">Enter credentials for registration:</p>
-                <form method="POST" action="<?= $app_root ?>?page=register">
+                <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=register">
                     <input type="text" name="username" placeholder="Username" required autofocus />
                     <br />
                     <input type="password" name="password" placeholder="Password" required />
diff --git a/app/templates/logs-filter.php b/app/templates/logs-filter.php
index 7de2cc6..8fb49cf 100644
--- a/app/templates/logs-filter.php
+++ b/app/templates/logs-filter.php
@@ -3,11 +3,11 @@
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
                         <form method="POST" id="filter_form" action="?page=logs">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . htmlspecialchars($from_time) . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
-                            <input type="text" name="id" placeholder="user ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
-                            <input type="text" name="message" placeholder="message"<?php if (isset($_REQUEST['message'])) echo " value=\"" . $_REQUEST['message'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . htmlspecialchars($until_time) . "\"" ?> />
+                            <input type="text" name="id" placeholder="user ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . htmlspecialchars($_REQUEST['id']) . "\"" ?> />
+                            <input type="text" name="message" placeholder="message"<?php if (isset($_REQUEST['message'])) echo " value=\"" . htmlspecialchars($_REQUEST['message']) . "\"" ?> />
                             <input type="button" onclick="clearFilter()" value="clear" />
                             <input type="submit" value="search" />
                         </form>
diff --git a/app/templates/logs-list.php b/app/templates/logs-list.php
index 4456642..0f662f6 100644
--- a/app/templates/logs-list.php
+++ b/app/templates/logs-list.php
@@ -1,10 +1,10 @@
 
                 <div class="row">
 <?php if ($widget['collapsible'] === true) { ?>
-                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= $widget['name'] ?>" role="button" aria-expanded="true" aria-controls="collapse<?= $widget['name'] ?>">
-                        <div class="card w-auto bg-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
+                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= htmlspecialchars($widget['name']) ?>" role="button" aria-expanded="true" aria-controls="collapse<?= htmlspecialchars($widget['name']) ?>">
+                        <div class="card w-auto bg-light card-body"  style="flex-direction: row;"><?= htmlspecialchars($widget['title']) ?></div>
 <?php } else { ?>
-                    <div class="card w-auto bg-light border-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
+                    <div class="card w-auto bg-light border-light card-body"  style="flex-direction: row;"><?= htmlspecialchars($widget['title']) ?></div>
 <?php } ?>
 <?php if ($widget['filter'] === true) {
     include '../app/templates/logs-filter.php'; } ?>
@@ -13,10 +13,10 @@
 <?php } ?>
                 </div>
 
-                <!-- widget "<?= $widget['name']; ?>" -->
-                <div class="collapse show" id="collapse<?= $widget['name'] ?>">
+                <!-- widget "<?= htmlspecialchars($widget['name']) ?>" -->
+                <div class="collapse show" id="collapse<?= htmlspecialchars($widget['name']) ?>">
 <?php if ($time_range_specified) { ?>
-                    <p class="m-3">time period: <strong><?= $from_time ?> - <?= $until_time ?></strong></p>
+                    <p class="m-3">time period: <strong><?= htmlspecialchars($from_time) ?> - <?= htmlspecialchars($until_time) ?></strong></p>
 <?php } ?>
                     <div class="mb-5">
 <?php if ($widget['full'] === true) { ?>
@@ -24,7 +24,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col" class="th-<?= $header ?>"><?= $header ?></th>
+                                    <th scope="col" class="th-<?= htmlspecialchars($header) ?>"><?= htmlspecialchars($header) ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -34,9 +34,9 @@
 <?php
             foreach ($row as $key => $column) {
                     if ($key === 'user ID' && isset($user_id) && $user_id === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } else { ?>
-                                    <td><?= $column ?? '' ?></td>
+                                    <td><?= htmlspecialchars($column ?? '') ?></td>
 <?php               }
                 } ?>
                                 </tr>
@@ -54,4 +54,4 @@ if ($widget['pagination'] && $item_count > $items_per_page) {
 <?php } ?>
                     </div>
                 </div>
-                <!-- /widget "<?= $widget['name']; ?>" -->
+                <!-- /widget "<?= htmlspecialchars($widget['name']) ?>" -->
diff --git a/app/templates/page-footer.php b/app/templates/page-footer.php
index 66b4f7a..079813d 100644
--- a/app/templates/page-footer.php
+++ b/app/templates/page-footer.php
@@ -7,7 +7,7 @@
 
 <?php } ?>
         <!-- Footer -->
-        <div id="footer">Jilo Web <?= $config['version'] ?> &copy;2024 - web interface for <a href="https://lindeas.com/jilo">Jilo</a></div>
+        <div id="footer">Jilo Web <?= htmlspecialchars($config['version']) ?> &copy;2024 - web interface for <a href="https://lindeas.com/jilo">Jilo</a></div>
         <!-- /Footer -->
 
     </div>
diff --git a/app/templates/page-header.php b/app/templates/page-header.php
index 028210a..7108eed 100644
--- a/app/templates/page-header.php
+++ b/app/templates/page-header.php
@@ -2,13 +2,13 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" type="text/css" href="<?= $app_root ?>static/bootstrap/bootstrap.min.css">
-    <link rel="stylesheet" type="text/css" href="<?= $app_root ?>static/css/main.css">
+    <link rel="stylesheet" type="text/css" href="<?= htmlspecialchars($app_root) ?>static/bootstrap/bootstrap.min.css">
+    <link rel="stylesheet" type="text/css" href="<?= htmlspecialchars($app_root) ?>static/css/main.css">
 <?php if ($page === 'logs') { ?>
-    <link rel="stylesheet" type="text/css" href="<?= $app_root ?>static/css/logs.css">
+    <link rel="stylesheet" type="text/css" href="<?= htmlspecialchars($app_root) ?>static/css/logs.css">
 <?php } ?>
 <?php if ($page === 'profile') { ?>
-    <link rel="stylesheet" type="text/css" href="<?= $app_root ?>static/css/profile.css">
+    <link rel="stylesheet" type="text/css" href="<?= htmlspecialchars($app_root) ?>static/css/profile.css">
 <?php } ?>
 <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
 <script src="https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
@@ -24,10 +24,10 @@
         })();
     </script>
 <?php if ($page === 'agents') { ?>
-    <script src="<?= $app_root ?>static/agents.js"></script>
+    <script src="<?= htmlspecialchars($app_root) ?>static/agents.js"></script>
 <?php } ?>
     <title>Jilo Web</title>
-    <link rel="icon" type="image/x-icon" href="<?= $app_root ?>static/favicon.ico">
+    <link rel="icon" type="image/x-icon" href="<?= htmlspecialchars($app_root) ?>static/favicon.ico">
 </head>
 
 <body>
diff --git a/app/templates/page-menu.php b/app/templates/page-menu.php
index 6db1344..6a3a840 100644
--- a/app/templates/page-menu.php
+++ b/app/templates/page-menu.php
@@ -4,11 +4,11 @@
             <ul class="menu-left">
                 <div class="container">
                     <div class="row">
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>" class="logo-link"><div class="col-4"><img class="logo" src="<?= $app_root ?>static/jilo-logo.png" alt="JILO"/></div></a>
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>" class="logo-link"><div class="col-4"><img class="logo" src="<?= htmlspecialchars($app_root) ?>static/jilo-logo.png" alt="JILO"/></div></a>
                     </div>
                 </div>
 
-<li class="font-weight-light text-uppercase" style="font-size: 0.5em; color: whitesmoke; margin-right: 70px; align-content: center;">version&nbsp;<?php echo $config['version']; ?></li>
+<li class="font-weight-light text-uppercase" style="font-size: 0.5em; color: whitesmoke; margin-right: 70px; align-content: center;">version&nbsp;<?= htmlspecialchars($config['version']) ?></li>
 
 <?php if ( isset($_SESSION['username']) ) { ?>
 
@@ -17,7 +17,7 @@
 ?>
                 <li style="margin-right: 3px;">
                     <a style="background-color: #111;" href="<?= htmlspecialchars($platform_switch_url) ?>">
-                        <?= $platform['name'] ?>
+                        <?= htmlspecialchars($platform['name']) ?>
                     </a>
                 </li>
 <?php } ?>
@@ -27,11 +27,11 @@
 
             <ul class="menu-right">
 <?php if ( isset($_SESSION['username']) ) { ?>
-                <li><a href="<?= $app_root ?>?page=profile"><?= $currentUser ?></a></li>
-                <li><a href="<?= $app_root ?>?page=logout">logout</a></li>
+                <li><a href="<?= htmlspecialchars($app_root) ?>?page=profile"><?= htmlspecialchars($currentUser) ?></a></li>
+                <li><a href="<?= htmlspecialchars($app_root) ?>?page=logout">logout</a></li>
 <?php } else { ?>
-                <li><a href="<?= $app_root ?>?page=login">login</a></li>
-                <li><a href="<?= $app_root ?>?page=register">register</a></li>
+                <li><a href="<?= htmlspecialchars($app_root) ?>?page=login">login</a></li>
+                <li><a href="<?= htmlspecialchars($app_root) ?>?page=register">register</a></li>
 <?php } ?>
             </ul>
         </div>
diff --git a/app/templates/page-sidebar.php b/app/templates/page-sidebar.php
index c781883..8a630cb 100644
--- a/app/templates/page-sidebar.php
+++ b/app/templates/page-sidebar.php
@@ -6,8 +6,8 @@
 <?php
 $timeNow = new DateTime('now', new DateTimeZone($userTimezone));
 ?>
-                <!--span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('d M Y H:i'); ?> <?= $userTimezone ?></span-->
-                <span style="vertical-align: top; font-size: 12px;"><?= $timeNow->format('H:i'); ?>&nbsp;&nbsp;<?= $userTimezone ?></span>
+                <!--span style="vertical-align: top; font-size: 12px;"><?= htmlspecialchars($timeNow->format('d M Y H:i')) ?> <?= htmlspecialchars($userTimezone) ?></span-->
+                <span style="vertical-align: top; font-size: 12px;"><?= htmlspecialchars($timeNow->format('H:i')) ?>&nbsp;&nbsp;<?= htmlspecialchars($userTimezone) ?></span>
             </div>
 
                 <div class="col-4"><button class="btn btn-sm btn-info toggle-sidebar-button" type="button" id="toggleSidebarButton" value=">>"></button></div>
@@ -16,22 +16,22 @@ $timeNow = new DateTime('now', new DateTimeZone($userTimezone));
 
                         <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>statistics</small></p></li>
 
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=dashboard">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=dashboard">
                             <li class="list-group-item<?php if ($page === 'dashboard') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-chart-line" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="general jitsi stats"></i>general stats
                             </li>
                         </a>
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=conferences">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences">
                             <li class="list-group-item<?php if ($page === 'conferences') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-video" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="conferences"></i>conferences
                             </li>
                         </a>
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=participants">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants">
                             <li class="list-group-item<?php if ($page === 'participants') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-users" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="participants"></i>participants
                             </li>
                         </a>
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=components">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=components">
                             <li class="list-group-item<?php if ($page === 'components') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-puzzle-piece" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="components"></i>components
                             </li>
@@ -40,14 +40,14 @@ $timeNow = new DateTime('now', new DateTimeZone($userTimezone));
                         <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>jilo-web config</small></p></li>
 
 <?php if ($userObject->hasRight($user_id, 'view config file')) {?>
-                        <a href="<?= $app_root ?>?page=config">
+                        <a href="<?= htmlspecialchars($app_root) ?>?page=config">
                             <li class="list-group-item<?php if ($page === 'config' && $item === '') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-wrench" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="configuration"></i>config
                             </li>
                         </a>
 <?php } ?>
 <?php if ($userObject->hasRight($user_id, 'view app logs')) {?>
-                        <a href="<?= $app_root ?>?page=logs">
+                        <a href="<?= htmlspecialchars($app_root) ?>?page=logs">
                             <li class="list-group-item<?php if ($page === 'logs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-list" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="logs"></i>logs
                             </li>
@@ -56,17 +56,17 @@ $timeNow = new DateTime('now', new DateTimeZone($userTimezone));
 
                         <li class="list-group-item bg-light" style="border: none;"><p class="text-end mb-0"><small>current Jitsi platform</small></p></li>
 
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs">
                             <li class="list-group-item<?php if ($page === 'config' && $item === 'configjs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-tv" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="config.js"></i>config.js
                             </li>
                         </a>
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs">
                             <li class="list-group-item<?php if ($page === 'config' && $item === 'interfaceconfigjs') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-th" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="interface_config.js"></i>interface_config.js
                             </li>
                         </a>
-                        <a href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=agents">
+                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=agents">
                             <li class="list-group-item<?php if ($page === 'agents') echo ' list-group-item-secondary'; else echo ' list-group-item-action'; ?>">
                                 <i class="fas fa-mask" data-toggle="tooltip" data-placement="right" data-offset="30.0" title="jilo agents"></i>jilo agents
                             </li>
diff --git a/app/templates/profile-edit.php b/app/templates/profile-edit.php
index e76e1d2..7e47f06 100644
--- a/app/templates/profile-edit.php
+++ b/app/templates/profile-edit.php
@@ -2,15 +2,15 @@
                 <!-- user profile -->
                 <div class="card text-center w-50 mx-auto">
 
-                    <p class="h4 card-header">Profile of <?= $userDetails[0]['username'] ?></p>
+                    <p class="h4 card-header">Profile of <?= htmlspecialchars($userDetails[0]['username']) ?></p>
                     <div class="card-body">
 
-                        <form method="POST" action="<?= $app_root ?>?page=profile" enctype="multipart/form-data">
+                        <form method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile" enctype="multipart/form-data">
                             <div class="row">
                                 <p class="border rounded bg-light mb-4"><small>edit the profile fields</small></p>
                                 <div class="col-md-4 avatar-container">
                                     <div class="avatar-wrapper">
-                                        <img class="avatar-img" src="<?= $app_root . htmlspecialchars($avatar) ?>" alt="avatar" />
+                                        <img class="avatar-img" src="<?= htmlspecialchars($app_root) . htmlspecialchars($avatar) ?>" alt="avatar" />
         <div class="avatar-btn-container">
 
                                         <label for="avatar-upload" class="avatar-btn avatar-btn-select btn btn-primary">
@@ -36,7 +36,7 @@
                                             <span class="text-danger" style="margin-right: -12px;">*</span>
                                         </div>
                                         <div class="col-md-8 text-start bg-light">
-                                            <input class="form-control" type="text" name="username" value="<?= $userDetails[0]['username'] ?>" required />
+                                            <input class="form-control" type="text" name="username" value="<?= htmlspecialchars($userDetails[0]['username']) ?>" required />
                                         </div>
                                     </div-->
 
@@ -45,7 +45,7 @@
                                             <label for="name" class="form-label"><small>name:</small></label>
                                         </div>
                                         <div class="col-md-8 text-start bg-light">
-                                            <input class="form-control" type="text" name="name" value="<?= $userDetails[0]['name'] ?>" autofocus />
+                                            <input class="form-control" type="text" name="name" value="<?= htmlspecialchars($userDetails[0]['name']) ?>" autofocus />
                                         </div>
                                     </div>
 
@@ -54,7 +54,7 @@
                                             <label for="email" class="form-label"><small>email:</small></label>
                                         </div>
                                         <div class="col-md-8 text-start bg-light">
-                                            <input class="form-control" type="text" name="email" value="<?= $userDetails[0]['email'] ?>" />
+                                            <input class="form-control" type="text" name="email" value="<?= htmlspecialchars($userDetails[0]['email']) ?>" />
                                         </div>
                                     </div>
 
@@ -65,8 +65,8 @@
                                         <div class="col-md-8 text-start bg-light">
                                             <select class="form-control" name="timezone" id="timezone">
 <?php foreach ($allTimezones as $timezone) { ?>
-                                                <option value="<?= $timezone ?>" <?= $timezone === $userTimezone ? 'selected' : '' ?>>
-                                                    <?= $timezone ?>&nbsp;&nbsp;(<?= getUTCOffset($timezone) ?>)
+                                                <option value="<?= htmlspecialchars($timezone) ?>" <?= $timezone === $userTimezone ? 'selected' : '' ?>>
+                                                    <?= htmlspecialchars($timezone) ?>&nbsp;&nbsp;(<?= htmlspecialchars(getUTCOffset($timezone)) ?>)
                                                 </option>
 <?php } ?>
                                             </select>
@@ -78,7 +78,7 @@
                                             <label for="bio" class="form-label"><small>bio:</small></label>
                                         </div>
                                         <div class="col-md-8 text-start bg-light">
-                                            <textarea class="form-control" name="bio" rows="10"><?= $userDetails[0]['bio'] ?? '' ?></textarea>
+                                            <textarea class="form-control" name="bio" rows="10"><?= htmlspecialchars($userDetails[0]['bio'] ?? '') ?></textarea>
                                         </div>
                                     </div>
 
@@ -98,7 +98,7 @@
     } ?>
                                             <div class="form-check">
                                                 <input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
-                                                <label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= $right['right_name'] ?></label>
+                                                <label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
                                             </div>
 <?php } ?>
                                         </div>
@@ -107,7 +107,7 @@
                                 </div>
 
                                 <p>
-                                    <a href="<?= $app_root ?>?page=profile" class="btn btn-secondary">Cancel</a>
+                                    <a href="<?= htmlspecialchars($app_root) ?>?page=profile" class="btn btn-secondary">Cancel</a>
                                     <input type="submit" class="btn btn-primary" value="Save" />
                                 </p>
 
@@ -123,7 +123,7 @@
                                                         <button type="button" class="btn-close" data-dismiss="modal" aria-label="Close"></button>
                                                     </div>
                                                     <div class="modal-body">
-                                                        <img class="avatar-img" src="<?= $app_root . htmlspecialchars($avatar) ?>" alt="avatar" />
+                                                        <img class="avatar-img" src="<?= htmlspecialchars($app_root) . htmlspecialchars($avatar) ?>" alt="avatar" />
                                                         <br />
                                                         Are you sure you want to delete your avatar?
                                                         <br />
@@ -131,7 +131,7 @@
                                                     </div>
                                                     <div class="modal-footer">
                                                         <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
-                                                        <form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= $app_root ?>?page=profile&action=remove&item=avatar">
+                                                        <form id="remove-avatar-form" data-action="remove-avatar" method="POST" action="<?= htmlspecialchars($app_root) ?>?page=profile&action=remove&item=avatar">
                                                             <button type="button" class="btn btn-danger" id="confirm-delete">Delete Avatar</button>
                                                         </form>
                                                     </div>
@@ -156,7 +156,7 @@ document.getElementById('avatar-upload').addEventListener('change', function(eve
 // Avatar file size and type control
 document.getElementById('avatar-upload').addEventListener('change', function() {
     const maxFileSize = 500 * 1024; // 500 KB in bytes
-    const currentAvatar = '<?= $app_root . htmlspecialchars($avatar) ?>'; // current avatar
+    const currentAvatar = '<?= htmlspecialchars($app_root) . htmlspecialchars($avatar) ?>'; // current avatar
     const file = this.files[0];
 
     if (file) {
diff --git a/app/templates/profile.php b/app/templates/profile.php
index ad31f97..f5be915 100644
--- a/app/templates/profile.php
+++ b/app/templates/profile.php
@@ -2,14 +2,14 @@
                 <!-- user profile -->
                 <div class="card text-center w-50 mx-auto">
 
-                    <p class="h4 card-header">Profile of <?= $userDetails[0]['username'] ?></p>
+                    <p class="h4 card-header">Profile of <?= htmlspecialchars($userDetails[0]['username']) ?></p>
                     <div class="card-body">
 
                         <div class="row">
 
                             <div class="col-md-4 avatar-container">
                                 <div>
-                                    <img class="avatar-img" src="<?= $app_root . htmlspecialchars($avatar) ?>" alt="avatar" />
+                                    <img class="avatar-img" src="<?= htmlspecialchars($app_root) . htmlspecialchars($avatar) ?>" alt="avatar" />
                                 </div>
                             </div>
 
@@ -20,7 +20,7 @@
                                         <label class="form-label"><small>username:</small></label>
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
-                                        <?= $userDetails[0]['username'] ?>
+                                        <?= htmlspecialchars($userDetails[0]['username']) ?>
                                     </div>
                                 </div-->
 
@@ -29,7 +29,7 @@
                                         <label class="form-label"><small>name:</small></label>
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
-                                        <?= $userDetails[0]['name'] ?>
+                                        <?= htmlspecialchars($userDetails[0]['name']) ?>
                                     </div>
                                 </div>
 
@@ -38,7 +38,7 @@
                                         <label class="form-label"><small>email:</small></label>
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
-                                        <?= $userDetails[0]['email'] ?>
+                                        <?= htmlspecialchars($userDetails[0]['email']) ?>
                                     </div>
                                 </div>
 
@@ -48,7 +48,7 @@
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
 <?php if (isset($userDetails[0]['timezone'])) { ?>
-                                        <?= $userDetails[0]['timezone'] ?>&nbsp;&nbsp;<span style="font-size: 0.66em;">(<?= getUTCOffset($userDetails[0]['timezone']) ?>)</span>
+                                        <?= htmlspecialchars($userDetails[0]['timezone']) ?>&nbsp;&nbsp;<span style="font-size: 0.66em;">(<?= htmlspecialchars(getUTCOffset($userDetails[0]['timezone'])) ?>)</span>
 <?php } ?>
                                     </div>
                                 </div>
@@ -58,7 +58,7 @@
                                         <label class="form-label"><small>bio:</small></label>
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
-                                        <textarea class="scroll-box" rows="10" readonly><?= $userDetails[0]['bio'] ?? '' ?></textarea>
+                                        <textarea class="scroll-box" rows="10" readonly><?= htmlspecialchars($userDetails[0]['bio'] ?? '') ?></textarea>
                                     </div>
                                 </div>
 
@@ -68,7 +68,7 @@
                                     </div>
                                     <div class="col-md-8 text-start bg-light">
 <?php foreach ($userRights as $right) { ?>
-                                        <?= $right['right_name'] ?>
+                                        <?= htmlspecialchars($right['right_name']) ?>
                                         <br />
 <?php } ?>
                                     </div>
@@ -77,7 +77,7 @@
                             </div>
 
                                 <p>
-                                    <a href="<?= $app_root ?>?page=profile&action=edit" class="btn btn-primary">Edit</a>
+                                    <a href="<?= htmlspecialchars($app_root) ?>?page=profile&action=edit" class="btn btn-primary">Edit</a>
                                 </p>
 
                         </div>
diff --git a/app/templates/widget-monthly.php b/app/templates/widget-monthly.php
index 045fb32..26cd004 100644
--- a/app/templates/widget-monthly.php
+++ b/app/templates/widget-monthly.php
@@ -2,7 +2,7 @@
                 <div class="row">
 
 <?php if ($widget['collapsible'] === true) { ?>
-                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= $widget['name'] ?>" role="button" aria-expanded="true" aria-controls="collapse<?= $widget['name'] ?>">
+                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= htmlspecialchars($widget['name']) ?>" role="button" aria-expanded="true" aria-controls="collapse<?= htmlspecialchars($widget['name']) ?>">
                         <div class="card w-auto bg-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
 <?php } else { ?>
                     <div class="card w-auto bg-light border-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
@@ -15,10 +15,10 @@
 
                 </div>
 
-                <!-- widget "<?= $widget['name']; ?>" -->
-                <div class="collapse show" id="collapse<?= $widget['name'] ?>">
+                <!-- widget "<?= htmlspecialchars($widget['name']) ?>" -->
+                <div class="collapse show" id="collapse<?= htmlspecialchars($widget['name']) ?>">
 <?php if ($time_range_specified) { ?>
-                    <p class="m-3">time period: <strong><?= $from_time ?> - <?= $until_time ?></strong></p>
+                    <p class="m-3">time period: <strong><?= htmlspecialchars($from_time) ?> - <?= htmlspecialchars($until_time) ?></strong></p>
 <?php } ?>
                     <div class="mb-5">
 <?php if ($widget['full'] === true) { ?>
@@ -27,7 +27,7 @@
                                 <tr>
                                     <th scope="col"></th>
 <?php     foreach ($widget['records'] as $record) { ?>
-                                    <th scope="col"><?= $record['table_headers'] ?></th>
+                                    <th scope="col"><?= htmlspecialchars($record['table_headers']) ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -36,7 +36,7 @@
                                     <td>conferences</td>
 <?php     foreach ($widget['records'] as $record) { ?>
                                     <td><?php if (!empty($record['conferences'])) { ?>
-                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['conferences'] ?></a> <?php } else { ?>
+                                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences&from_time=<?= htmlspecialchars($record['from_time']) ?>&until_time=<?= htmlspecialchars($record['until_time']) ?>"><?= htmlspecialchars($record['conferences']) ?></a> <?php } else { ?>
                                         0<?php } ?>
                                     </td>
 <?php     } ?>
@@ -45,7 +45,7 @@
                                     <td>participants</td>
 <?php     foreach ($widget['records'] as $record) { ?>
                                     <td><?php if (!empty($record['participants'])) { ?>
-                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['participants'] ?></a> <?php } else { ?>
+                                        <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&from_time=<?= htmlspecialchars($record['from_time']) ?>&until_time=<?= htmlspecialchars($record['until_time']) ?>"><?= htmlspecialchars($record['participants']) ?></a> <?php } else { ?>
                                         0<?php } ?>
                                     </td>
 <?php     } ?>
@@ -57,4 +57,4 @@
 <?php } ?>
                     </div>
                 </div>
-                <!-- /widget "<?= $widget['name']; ?>" -->
+                <!-- /widget "<?= htmlspecialchars($widget['name']) ?>" -->
diff --git a/app/templates/widget.php b/app/templates/widget.php
index 888ab79..b8f3881 100644
--- a/app/templates/widget.php
+++ b/app/templates/widget.php
@@ -1,7 +1,7 @@
 
                 <div class="row">
 <?php if ($widget['collapsible'] === true) { ?>
-                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= $widget['name'] ?>" role="button" aria-expanded="true" aria-controls="collapse<?= $widget['name'] ?>">
+                    <a style="text-decoration: none;" data-toggle="collapse" href="#collapse<?= htmlspecialchars($widget['name']) ?>" role="button" aria-expanded="true" aria-controls="collapse<?= htmlspecialchars($widget['name']) ?>">
                         <div class="card w-auto bg-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
 <?php } else { ?>
                     <div class="card w-auto bg-light border-light card-body"  style="flex-direction: row;"><?= $widget['title'] ?></div>
@@ -13,10 +13,10 @@
 <?php } ?>
                 </div>
 
-                <!-- widget "<?= $widget['name']; ?>" -->
-                <div class="collapse show" id="collapse<?= $widget['name'] ?>">
+                <!-- widget "<?= htmlspecialchars($widget['name']) ?>" -->
+                <div class="collapse show" id="collapse<?= htmlspecialchars($widget['name']) ?>">
 <?php if ($time_range_specified) { ?>
-                    <p class="m-3">time period: <strong><?= $from_time ?> - <?= $until_time ?></strong></p>
+                    <p class="m-3">time period: <strong><?= htmlspecialchars($from_time) ?> - <?= htmlspecialchars($until_time) ?></strong></p>
 <?php } ?>
                     <div class="mb-5">
 <?php if ($widget['full'] === true) { ?>
@@ -24,7 +24,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= $header ?></th>
+                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -37,31 +37,31 @@
             if (isset($row['event']) && $row['event'] === 'pair selected') $participant_ip = true;
             foreach ($row as $key => $column) {
                     if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($key === 'conference ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($key === 'conference name') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'participant ID' && isset($participantId) && $participantId === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($key === 'participant ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'component ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($stats_id && $key === 'parameter' && isset($participantName) && $participantName === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($stats_id && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($participant_ip && $key === 'parameter' && isset($participantIp) && $participantIp === $column) { ?>
-                                    <td><strong><?= $column ?? '' ?></strong></td>
+                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
 <?php               } elseif ($participant_ip && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } elseif ($key === 'component') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
+                                    <td><a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
 <?php               } else { ?>
-                                    <td><?= $column ?? '' ?></td>
+                                    <td><?= htmlspecialchars($column ?? '') ?></td>
 <?php               }
                 } ?>
                                 </tr>
@@ -79,4 +79,4 @@ if ($widget['pagination'] && $item_count > $items_per_page) {
 <?php } ?>
                     </div>
                 </div>
-                <!-- /widget "<?= $widget['name']; ?>" -->
+                <!-- /widget "<?= htmlspecialchars($widget['name']) ?>" -->
diff --git a/public_html/index.php b/public_html/index.php
index 9b795a8..114f397 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -15,7 +15,7 @@
 // flush it later only when there is no redirect
 ob_start();
 
-// sanitize all vars that may end up in URLs or forms
+// sanitize all input vars that may end up in URLs or forms
 require '../app/helpers/sanitize.php';
 
 require '../app/helpers/errors.php';