diff --git a/app/helpers/pagination.php b/app/helpers/pagination.php
index 9a36352..601a124 100644
--- a/app/helpers/pagination.php
+++ b/app/helpers/pagination.php
@@ -16,10 +16,10 @@
         $param .= '&event=' . $_REQUEST['event'];
     }
     if (isset($_REQUEST['from_time'])) {
-        $param .= '&from_time=' . $_REQUEST['from_time'];
+        $param .= '&from_time=' . $from_time;
     }
     if (isset($_REQUEST['until_time'])) {
-        $param .= '&until_time=' . $_REQUEST['until_time'];
+        $param .= '&until_time=' . $until_time;
     }
 
     $max_visible_pages = 10;
diff --git a/app/helpers/sanitize.php b/app/helpers/sanitize.php
new file mode 100644
index 0000000..4ed6b19
--- /dev/null
+++ b/app/helpers/sanitize.php
@@ -0,0 +1,29 @@
+<?php
+// sanitize all vars that may end up in URLs or forms
+
+$platform_id = htmlspecialchars($_REQUEST['platform']);
+if (isset($_REQUEST['page'])) {
+    $page = htmlspecialchars($_REQUEST['page']);
+} else {
+    $page = 'dashboard';
+}
+if (isset($_REQUEST['item'])) {
+    $item = htmlspecialchars($_REQUEST['item']);
+} else {
+    $item = '';
+}
+if (isset($_SESSION['notice'])) {
+    $notice = htmlspecialchars($_SESSION['notice']); // 'notice' for all non-critical messages
+}
+if (isset($_SESSION['error'])) {
+    $error = htmlspecialchars($_SESSION['error']); // 'error' for errors
+}
+if (isset($_REQUEST['from_time'])) {
+    $from_time = htmlspecialchars($_REQUEST['from_time']);
+}
+if (isset($_REQUEST['until_time'])) {
+    $until_time = htmlspecialchars($_REQUEST['until_time']);
+}
+
+
+?>
diff --git a/app/helpers/time_range.php b/app/helpers/time_range.php
index 15f2924..e025244 100644
--- a/app/helpers/time_range.php
+++ b/app/helpers/time_range.php
@@ -1,16 +1,14 @@
 <?php
 
 $time_range_specified = false;
-if (!isset($_REQUEST['from_time']) || (isset($_REQUEST['from_time']) && $_REQUEST['from_time'] == '')) {
+if (!isset($from_time) || (isset($from_time) && $from_time == '')) {
     $from_time = '0000-01-01';
 } else {
-    $from_time = $_REQUEST['from_time'];
     $time_range_specified = true;
 }
-if (!isset($_REQUEST['until_time']) || (isset($_REQUEST['until_time']) && $_REQUEST['until_time'] == '')) {
+if (!isset($until_time) || (isset($until_time) && $until_time == '')) {
     $until_time = '9999-12-31';
 } else {
-    $until_time = $_REQUEST['until_time'];
     $time_range_specified = true;
 }
 
diff --git a/app/pages/config.php b/app/pages/config.php
index 8a1f328..1ef2604 100644
--- a/app/pages/config.php
+++ b/app/pages/config.php
@@ -17,12 +17,18 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 //    $content = file_get_contents($config_file);
 //    $updatedContent = $content;
 
+    // sanitize
+    $type = htmlspecialchars($_POST['type']);
+    $url = htmlspecialchars($_POST['url']);
+    $secret_key = htmlspecialchars($_POST['secret_key']);
+    $name = htmlspecialchars($_POST['name']);
+
     // new agent adding
     if (isset($_POST['new']) && isset($_POST['item']) && $_POST['new'] === 'true' && $_POST['item'] === 'agent') {
         $newAgent = [
-            'type_id'       => $_POST['type'],
-            'url'           => $_POST['url'],
-            'secret_key'	=> $_POST['secret_key'],
+            'type_id'       => $type,
+            'url'           => $url,
+            'secret_key'	=> $secret_key,
         ];
         $result = $agentObject->addAgent($platform_id, $newAgent);
         if ($result === true) {
@@ -34,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     // new platform adding
     } elseif (isset($_POST['new']) && $_POST['new'] === 'true') {
         $newPlatform = [
-            'name'          => $_POST['name'],
+            'name'          => $name,
             'jitsi_url'		=> $_POST['jitsi_url'],
             'jilo_database'	=> $_POST['jilo_database'],
         ];
@@ -58,9 +64,9 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     } elseif (isset($_POST['agent'])) {
         $updatedAgent = [
             'id'            => $agent,
-            'agent_type_id' => $_POST['type'],
-            'url'           => $_POST['url'],
-            'secret_key'	=> $_POST['secret_key'],
+            'agent_type_id' => $type,
+            'url'           => $url,
+            'secret_key'	=> $secret_key,
         ];
         $result = $agentObject->editAgent($platform_id, $updatedAgent);
         if ($result === true) {
@@ -73,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     } else {
         $platform = $_POST['platform'];
         $updatedPlatform = [
-            'name'		    => $_POST['name'],
+            'name'		    => $name,
             'jitsi_url'		=> $_POST['jitsi_url'],
             'jilo_database'	=> $_POST['jilo_database'],
         ];
diff --git a/app/templates/agent-list.php b/app/templates/agent-list.php
index 8cb9797..bba0403 100644
--- a/app/templates/agent-list.php
+++ b/app/templates/agent-list.php
@@ -1,14 +1,14 @@
 
                 <!-- jilo agents -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Jilo Agents on platform <?= htmlspecialchars($platform_id) ?> (<?= htmlspecialchars($platformDetails[0]['name']) ?>)</p>
+                    <p class="h4 card-header">Jilo Agents on platform <?= $platform_id ?> (<?= $platformDetails[0]['name'] ?>)</p>
                     <div class="card-body">
 <?php foreach ($agentDetails as $agent) { ?>
                         <p class="card-text text-left" style="text-align: left;">
-                            agent id: <strong><?= htmlspecialchars($agent['id']) ?></strong>
-                            agent type: <?= htmlspecialchars($agent['agent_type_id']) ?> (<strong><?= htmlspecialchars($agent['agent_description']) ?></strong>)
+                            agent id: <strong><?= $agent['id'] ?></strong>
+                            agent type: <?= $agent['agent_type_id'] ?> (<strong><?= $agent['agent_description'] ?></strong>)
                             <br />
-                            endpoint: <strong><?= htmlspecialchars($agent['url']) ?><?= htmlspecialchars($agent['agent_endpoint']) ?></strong>
+                            endpoint: <strong><?= $agent['url'] ?><?= $agent['agent_endpoint'] ?></strong>
                             <br />
 <?php
     $payload = [
@@ -22,16 +22,16 @@
 //    print_r($_SESSION);
 ?>
 <?php if (isset($_SESSION["agent{$agent['id']}_cache"])) { ?>
-                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
-                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
-                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
-                            <span id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
+                            <button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>', true)">fetch data</button>
+                            <button id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
+                            <button id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
+                            <span id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
 <?php } else { ?>
-                            <button id="agent<?= htmlspecialchars($agent['id']) ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= htmlspecialchars($agent['id']) ?>', '<?= htmlspecialchars($agent['url']) ?>', '<?= htmlspecialchars($agent['agent_endpoint']) ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
-                            <button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= htmlspecialchars($agent['id']) ?>')">load cache</button>
-                            <button style="display: none" disabled id="agent<?= htmlspecialchars($agent['id']) ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= htmlspecialchars($agent['id']) ?>')">clear cache</button>
-                            <span style="display: none" id="cacheInfo<?= htmlspecialchars($agent['id']) ?>" style="margin: 5px 0;"></span>
+                            <button id="agent<?= $agent['id'] ?>-fetch" class="btn btn-primary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="get data from the agent" onclick="fetchData('<?= $agent['id'] ?>', '<?= $agent['url'] ?>', '<?= $agent['agent_endpoint'] ?>', '<?= htmlspecialchars($jwt) ?>')">fetch data</button>
+                            <button style="display: none" disabled id="agent<?= $agent['id'] ?>-cache" class="btn btn-secondary" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="load cache" onclick="loadCache('<?= $agent['id'] ?>')">load cache</button>
+                            <button style="display: none" disabled id="agent<?= $agent['id'] ?>-clear" class="btn btn-danger" data-toggle="tooltip" data-trigger="hover" data-placement="bottom" title="clear cache" onclick="clearCache('<?= $agent['id'] ?>')">clear cache</button>
+                            <span style="display: none" id="cacheInfo<?= $agent['id'] ?>" style="margin: 5px 0;"></span>
 <?php } ?>
                     </p>
-                        <pre class="results" id="result<?= htmlspecialchars($agent['id']) ?>">click a button to display data from the agent.</pre>
+                        <pre class="results" id="result<?= $agent['id'] ?>">click a button to display data from the agent.</pre>
 <?php } ?>
diff --git a/app/templates/block-results-filter.php b/app/templates/block-results-filter.php
index 29132c2..5c984b5 100644
--- a/app/templates/block-results-filter.php
+++ b/app/templates/block-results-filter.php
@@ -3,9 +3,9 @@
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
                         <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
                             <input type="text" name="id" placeholder="ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
                             <input type="text" name="name" placeholder="name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
 <?php if ($page == 'participants') { ?>
diff --git a/app/templates/config-add-agent.php b/app/templates/config-add-agent.php
index 5d263d9..c93e732 100644
--- a/app/templates/config-add-agent.php
+++ b/app/templates/config-add-agent.php
@@ -1,10 +1,10 @@
 
                 <!-- widget "agents" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong>"</p>
+                    <p class="h4 card-header">Add new Jilo Agent to Jitsi platform "<strong><?= $platformDetails[0]['name'] ?></strong>"</p>
                     <div class="card-body">
                         <!--p class="card-text">add new agent:</p-->
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
diff --git a/app/templates/config-add-platform.php b/app/templates/config-add-platform.php
index 07e073f..b5c0666 100644
--- a/app/templates/config-add-platform.php
+++ b/app/templates/config-add-platform.php
@@ -4,7 +4,7 @@
                     <p class="h4 card-header">Add new Jitsi platform</p>
                     <div class="card-body">
                         <!--p class="card-text">add new platform:</p-->
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
diff --git a/app/templates/config-delete-agent.php b/app/templates/config-delete-agent.php
index 5e4cea1..ad53cca 100644
--- a/app/templates/config-delete-agent.php
+++ b/app/templates/config-delete-agent.php
@@ -1,30 +1,30 @@
 
                 <!-- widget "agents" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
+                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">delete an agent:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 <?php
 foreach ($agentDetails[0] as $key => $value) {
 //    if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
+                                    <label for="<?= $key ?>" class="form-label"><?= $key ?>:</label>
                                 </div>
                                 <div class="col-md-8">
-                                    <div class="text-start"><?= htmlspecialchars($value ?? '')?></div>
-                                    <input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" />
+                                    <div class="text-start"><?= $value ?? '')?></div>
+                                    <input type="hidden" name="<?= $key ?>" value="<?= $value ?? '' ?>" />
                                 </div>
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
+                            <input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
                             <input type="hidden" name="delete" value="true" />
                             <p class="h5 text-danger">Are you sure you want to delete this agent?</p>
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
                             <input type="submit" class="btn btn-danger" value="Delete" />
                         </form>
                     </div>
diff --git a/app/templates/config-delete-platform.php b/app/templates/config-delete-platform.php
index d7aeb9d..d115e7d 100644
--- a/app/templates/config-delete-platform.php
+++ b/app/templates/config-delete-platform.php
@@ -1,30 +1,30 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
+                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">delete a platform:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 <?php
 foreach ($platformDetails[0] as $key => $value) {
     if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= htmlspecialchars($key) ?>:</label>
+                                    <label for="<?= htmlspecialchars($key) ?>" class="form-label"><?= $key ?>:</label>
                                 </div>
                                 <div class="col-md-8">
-                                    <div class="text-start"><?= htmlspecialchars($value ?? '')?></div>
+                                    <div class="text-start"><?= $value ?? '' ?></div>
                                     <input type="hidden" name="<?= htmlspecialchars($key) ?>" value="<?= htmlspecialchars($value ?? '')?>" />
                                 </div>
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
+                            <input type="hidden" name="platform" value="<?= $platform_id ?>" />
                             <input type="hidden" name="delete" value="true" />
                             <p class="h5 text-danger">Are you sure you want to delete this platform?</p>
                             <br />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
+                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
                             <input type="submit" class="btn btn-danger" value="Delete" />
                         </form>
                     </div>
diff --git a/app/templates/config-edit-agent.php b/app/templates/config-edit-agent.php
index ff50596..0f50e8e 100644
--- a/app/templates/config-edit-agent.php
+++ b/app/templates/config-edit-agent.php
@@ -1,10 +1,10 @@
 
                 <!-- agents -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
+                    <p class="h4 card-header">Jilo Agent configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">edit the agent details:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
@@ -30,7 +30,7 @@
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
-                                    <input class="form-control" type="text" name="url" value="<?= htmlspecialchars($agentDetails[0]['url'])?>" required />
+                                    <input class="form-control" type="text" name="url" value="<?= $agentDetails[0]['url'] ?>" required />
                                     <p class="text-start"><small>URL of the Jilo Agent API (https://example.com:8081)</small></p>
                                 </div>
                             </div>
@@ -41,15 +41,15 @@
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
-                                    <input class="form-control" type="text" name="secret_key" value="<?= htmlspecialchars($agentDetails[0]['secret_key'])?>" required />
+                                    <input class="form-control" type="text" name="secret_key" value="<?= $agentDetails[0]['secret_key'] ?>" required />
                                     <p class="text-start"><small>secret key for generating the access JWT token</small></p>
                                 </div>
                             </div>
 
 
                             <br />
-                            <input type="hidden" name="agent" value="<?= htmlspecialchars($agentDetails[0]['id']) ?>" />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>agent<?= htmlspecialchars($agentDetails[0]['id']) ?>" />Cancel</a>
+                            <input type="hidden" name="agent" value="<?= $agentDetails[0]['id'] ?>" />
+                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>agent<?= $agentDetails[0]['id'] ?>" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-edit-platform.php b/app/templates/config-edit-platform.php
index 1b9f83d..98af5f8 100644
--- a/app/templates/config-edit-platform.php
+++ b/app/templates/config-edit-platform.php
@@ -1,17 +1,17 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-50 mx-auto">
-                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= htmlspecialchars($platformDetails[0]['name']) ?>"</strong></p>
+                    <p class="h4 card-header">Jilo web configuration for Jitsi platform <strong>"<?= $platformDetails[0]['name'] ?>"</strong></p>
                     <div class="card-body">
                         <p class="card-text">edit the platform details:</p>
-                        <form method="POST" action="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config">
+                        <form method="POST" action="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config">
 <?php
 foreach ($platformDetails[0] as $key => $value) {
     if ($key === 'id') continue;
 ?>
                             <div class="row mb-3">
                                 <div class="col-md-4 text-end">
-                                    <label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= htmlspecialchars($key) ?></label>
+                                    <label for="<?= htmlspecialchars($config_item) ?>" class="form-label"><?= $key ?></label>
                                     <span class="text-danger" style="margin-right: -12px;">*</span>
                                 </div>
                                 <div class="col-md-8">
@@ -27,8 +27,8 @@ foreach ($platformDetails[0] as $key => $value) {
                             </div>
 <?php } ?>
                             <br />
-                            <input type="hidden" name="platform" value="<?= htmlspecialchars($platform_id) ?>" />
-                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= htmlspecialchars($platform_id) ?>" />Cancel</a>
+                            <input type="hidden" name="platform" value="<?= $platform_id ?>" />
+                            <a class="btn btn-secondary" href="<?= $app_root ?>?page=config#platform<?= $platform_id ?>" />Cancel</a>
                             <input type="submit" class="btn btn-primary" value="Save" />
                         </form>
                     </div>
diff --git a/app/templates/config-list-configjs.php b/app/templates/config-list-configjs.php
index bfd6e8a..f4bd96f 100644
--- a/app/templates/config-list-configjs.php
+++ b/app/templates/config-list-configjs.php
@@ -1,20 +1,20 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
+                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
                     <div class="card-body">
                         <p class="card-text">
-                            <span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
+                            <span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
                             <span class="m-3">FILE: config.js</span>
 <?php if ($mode === 'raw') { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs">view only active lines</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs">view only active lines</a></span>
 <?php } else { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=configjs&mode=raw">view raw file contents</a></span>
 <?php } ?>
                         </p>
 <pre class="results">
 <?php
-echo htmlspecialchars($platformConfigjs);
+echo $platformConfigjs;
 ?>
 </pre>
                     </div>
diff --git a/app/templates/config-list-interfaceconfigjs.php b/app/templates/config-list-interfaceconfigjs.php
index d37a23a..cf6a4f7 100644
--- a/app/templates/config-list-interfaceconfigjs.php
+++ b/app/templates/config-list-interfaceconfigjs.php
@@ -1,20 +1,20 @@
 
                 <!-- widget "config" -->
                 <div class="card text-center w-75 mx-lef">
-                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= htmlspecialchars($platformDetails[0]['name']) ?></strong></p>
+                    <p class="h4 card-header">Configuration of the Jitsi platform <strong><?= $platformDetails[0]['name'] ?></strong></p>
                     <div class="card-body">
                         <p class="card-text">
-                            <span class="m-3">URL: <?= htmlspecialchars($platformDetails[0]['jitsi_url']) ?></span>
+                            <span class="m-3">URL: <?= $platformDetails[0]['jitsi_url'] ?></span>
                             <span class="m-3">FILE: interface_config.js</span>
 <?php if ($mode === 'raw') { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs">view only active lines</a></span>
 <?php } else { ?>
-                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= htmlspecialchars($platform_id) ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
+                            <span class="m-3"><a class="btn btn-light" href="<?= $app_root ?>?platform=<?= $platform_id ?>&page=config&item=interfaceconfigjs&mode=raw">view raw file contents</a></span>
 <?php } ?>
                         </p>
 <pre class="results">
 <?php
-echo htmlspecialchars($platformInterfaceConfigjs);
+echo $platformInterfaceConfigjs;
 ?>
 </pre>
                     </div>
diff --git a/app/templates/event-list-components.php b/app/templates/event-list-components.php
index 6416189..51d3aa1 100644
--- a/app/templates/event-list-components.php
+++ b/app/templates/event-list-components.php
@@ -6,9 +6,9 @@
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
                         <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
                             <input type="text" name="id" placeholder="component ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
                             <input type="text" name="name" placeholder="component name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
                             <input type="text" name="event" placeholder="event name"<?php if (isset($_REQUEST['event'])) echo " value=\"" . $_REQUEST['event'] . "\"" ?> />
@@ -42,7 +42,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
+                                    <th scope="col"><?= $header ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -51,11 +51,11 @@
                                 <tr>
 <?php        foreach ($row as $key => $column) { ?>
 <?php               if ($key === 'component ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'component') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } else { ?>
-                                    <td><?= htmlspecialchars($column ?? '') ?></td>
+                                    <td><?= $column ?? '' ?></td>
 <?php               }
                 } ?>
                                 </tr>
diff --git a/app/templates/event-list-conferences.php b/app/templates/event-list-conferences.php
index d72c948..f3aa04b 100644
--- a/app/templates/event-list-conferences.php
+++ b/app/templates/event-list-conferences.php
@@ -6,9 +6,9 @@
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
                         <form method="POST" id="filter_form" action="?platform=<?= $platform_id?>&page=<?= $page ?>">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
                             <input type="text" name="id" placeholder="conference ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
                             <input type="text" name="name" placeholder="conference name"<?php if (isset($_REQUEST['name'])) echo " value=\"" . $_REQUEST['name'] . "\"" ?> />
                             <input type="button" onclick="clearFilter()" value="clear" />
@@ -41,7 +41,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
+                                    <th scope="col"><?= $header ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -55,21 +55,21 @@
 
             foreach ($row as $key => $column) {
                     if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($key === 'conference ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($key === 'conference name') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'participant ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($stats_id && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($participant_ip && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } else { ?>
-                                    <td><?= htmlspecialchars($column ?? '') ?></td>
+                                    <td><?= $column ?? '' ?></td>
 <?php               }
             } ?>
                                 </tr>
diff --git a/app/templates/logs-filter.php b/app/templates/logs-filter.php
index 6ccf7c9..7de2cc6 100644
--- a/app/templates/logs-filter.php
+++ b/app/templates/logs-filter.php
@@ -3,9 +3,9 @@
                     <div class="card w-auto bg-light border-light card-body text-right" style="text-align: right;">
                         <form method="POST" id="filter_form" action="?page=logs">
                             <label for="from_time">from</label>
-                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $_REQUEST['from_time'] . "\"" ?> />
+                            <input type="date" id="from_time" name="from_time"<?php if (isset($_REQUEST['from_time'])) echo " value=\"" . $from_time . "\"" ?> />
                             <label for="until_time">until</label>
-                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $_REQUEST['until_time'] . "\"" ?> />
+                            <input type="date" id="until_time" name="until_time"<?php if (isset($_REQUEST['until_time'])) echo " value=\"" . $until_time . "\"" ?> />
                             <input type="text" name="id" placeholder="user ID"<?php if (isset($_REQUEST['id'])) echo " value=\"" . $_REQUEST['id'] . "\"" ?> />
                             <input type="text" name="message" placeholder="message"<?php if (isset($_REQUEST['message'])) echo " value=\"" . $_REQUEST['message'] . "\"" ?> />
                             <input type="button" onclick="clearFilter()" value="clear" />
diff --git a/app/templates/logs-list.php b/app/templates/logs-list.php
index b88ba2c..4456642 100644
--- a/app/templates/logs-list.php
+++ b/app/templates/logs-list.php
@@ -24,7 +24,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col" class="th-<?= htmlspecialchars($header) ?>"><?= htmlspecialchars($header) ?></th>
+                                    <th scope="col" class="th-<?= $header ?>"><?= $header ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -34,9 +34,9 @@
 <?php
             foreach ($row as $key => $column) {
                     if ($key === 'user ID' && isset($user_id) && $user_id === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } else { ?>
-                                    <td><?= htmlspecialchars($column ?? '') ?></td>
+                                    <td><?= $column ?? '' ?></td>
 <?php               }
                 } ?>
                                 </tr>
diff --git a/app/templates/page-menu.php b/app/templates/page-menu.php
index 9470040..6db1344 100644
--- a/app/templates/page-menu.php
+++ b/app/templates/page-menu.php
@@ -17,7 +17,7 @@
 ?>
                 <li style="margin-right: 3px;">
                     <a style="background-color: #111;" href="<?= htmlspecialchars($platform_switch_url) ?>">
-                        <?= htmlspecialchars($platform['name']) ?>
+                        <?= $platform['name'] ?>
                     </a>
                 </li>
 <?php } ?>
diff --git a/app/templates/profile-edit.php b/app/templates/profile-edit.php
index 08c1a62..e76e1d2 100644
--- a/app/templates/profile-edit.php
+++ b/app/templates/profile-edit.php
@@ -98,7 +98,7 @@
     } ?>
                                             <div class="form-check">
                                                 <input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
-                                                <label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
+                                                <label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= $right['right_name'] ?></label>
                                             </div>
 <?php } ?>
                                         </div>
diff --git a/app/templates/widget-monthly.php b/app/templates/widget-monthly.php
index 624941e..045fb32 100644
--- a/app/templates/widget-monthly.php
+++ b/app/templates/widget-monthly.php
@@ -27,7 +27,7 @@
                                 <tr>
                                     <th scope="col"></th>
 <?php     foreach ($widget['records'] as $record) { ?>
-                                    <th scope="col"><?= htmlspecialchars($record['table_headers']) ?></th>
+                                    <th scope="col"><?= $record['table_headers'] ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -36,7 +36,7 @@
                                     <td>conferences</td>
 <?php     foreach ($widget['records'] as $record) { ?>
                                     <td><?php if (!empty($record['conferences'])) { ?>
-                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= htmlspecialchars($record['conferences']) ?></a> <?php } else { ?>
+                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['conferences'] ?></a> <?php } else { ?>
                                         0<?php } ?>
                                     </td>
 <?php     } ?>
@@ -45,7 +45,7 @@
                                     <td>participants</td>
 <?php     foreach ($widget['records'] as $record) { ?>
                                     <td><?php if (!empty($record['participants'])) { ?>
-                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= htmlspecialchars($record['participants']) ?></a> <?php } else { ?>
+                                        <a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&from_time=<?= $record['from_time'] ?>&until_time=<?= $record['until_time'] ?>"><?= $record['participants'] ?></a> <?php } else { ?>
                                         0<?php } ?>
                                     </td>
 <?php     } ?>
diff --git a/app/templates/widget.php b/app/templates/widget.php
index 53051fc..888ab79 100644
--- a/app/templates/widget.php
+++ b/app/templates/widget.php
@@ -24,7 +24,7 @@
                             <thead class="thead-dark">
                                 <tr>
 <?php     foreach ($widget['table_headers'] as $header) { ?>
-                                    <th scope="col"><?= htmlspecialchars($header) ?></th>
+                                    <th scope="col"><?= $header ?></th>
 <?php     } ?>
                                 </tr>
                             </thead>
@@ -37,31 +37,31 @@
             if (isset($row['event']) && $row['event'] === 'pair selected') $participant_ip = true;
             foreach ($row as $key => $column) {
                     if ($key === 'conference ID' && isset($conferenceId) && $conferenceId === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($key === 'conference ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'conference name' && isset($conferenceName) && $conferenceName === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($key === 'conference name') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=conferences&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'participant ID' && isset($participantId) && $participantId === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($key === 'participant ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'component ID') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&id=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($stats_id && $key === 'parameter' && isset($participantName) && $participantName === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($stats_id && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($participant_ip && $key === 'parameter' && isset($participantIp) && $participantIp === $column) { ?>
-                                    <td><strong><?= htmlspecialchars($column ?? '') ?></strong></td>
+                                    <td><strong><?= $column ?? '' ?></strong></td>
 <?php               } elseif ($participant_ip && $key === 'parameter') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=participants&ip=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } elseif ($key === 'component') { ?>
-                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= htmlspecialchars($column ?? '') ?></a></td>
+                                    <td><a href="<?= $app_root ?>?platform=<?= $platform_id?>&page=components&name=<?= htmlspecialchars($column ?? '') ?>"><?= $column ?? '' ?></a></td>
 <?php               } else { ?>
-                                    <td><?= htmlspecialchars($column ?? '') ?></td>
+                                    <td><?= $column ?? '' ?></td>
 <?php               }
                 } ?>
                                 </tr>
diff --git a/public_html/index.php b/public_html/index.php
index de4037b..9b795a8 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -15,6 +15,9 @@
 // flush it later only when there is no redirect
 ob_start();
 
+// sanitize all vars that may end up in URLs or forms
+require '../app/helpers/sanitize.php';
+
 require '../app/helpers/errors.php';
 
 // error reporting, comment out in production
@@ -65,22 +68,11 @@ if ($config_file) {
     die('Config file not found');
 }
 
-$app_root = $config['folder'];
+$app_root = htmlspecialchars($config['folder']);
 
 session_name('jilo');
 session_start();
 
-if (isset($_REQUEST['page'])) {
-    $page = $_REQUEST['page'];
-} else {
-    $page = 'dashboard';
-}
-if (isset($_REQUEST['item'])) {
-    $item = $_REQUEST['item'];
-} else {
-    $item = '';
-}
-
 // check if logged in
 unset($currentUser);
 if (isset($_COOKIE['username'])) {
@@ -96,14 +88,6 @@ if ( !isset($_COOKIE['username']) && ($page !== 'login' && $page !== 'register')
     exit();
 }
 
-// we use 'notice' for all non-critical messages and 'error' for errors
-if (isset($_SESSION['notice'])) {
-    $notice = $_SESSION['notice'];
-}
-if (isset($_SESSION['error'])) {
-    $error = $_SESSION['error'];
-}
-
 // connect to db of Jilo Web
 require '../app/classes/database.php';
 require '../app/helpers/database.php';
@@ -121,8 +105,10 @@ $platformObject = new Platform($dbWeb);
 $platformsAll = $platformObject->getPlatformDetails();
 
 // by default we connect ot the first configured platform
-$firstPlatform = $platformsAll[0]['id'];
-$platform_id = $_REQUEST['platform'] ?? $firstPlatform;
+if ($platform_id == '') {
+    $platform_id = $platformsAll[0]['id'];
+}
+
 $platformDetails = $platformObject->getPlatformDetails($platform_id);
 
 // init user functions