diff --git a/src/main/webapp/datachannel_example.html b/src/main/webapp/datachannel_example.html
index b67830ca..f1017bfb 100644
--- a/src/main/webapp/datachannel_example.html
+++ b/src/main/webapp/datachannel_example.html
@@ -372,9 +372,6 @@ <h2 text-align:center>Chat Window</h2>
       createNewMessage(text, dateObj.toLocaleTimeString(), true);
       $("#dataTextbox").val("");
     }
-    function sanitizeHTML(text) {
-    return text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
-    }
     function createNewMessage(message, date, sentByUs) {
       if ($.trim(message) == "") {
         return false;
@@ -382,7 +379,7 @@ <h2 text-align:center>Chat Window</h2>
       if (sentByUs) {
         $(
           '<div class="outgoing_msg row"><div class="col"><div class="sent_msg">	<p>' +
-            sanitizeHTML(message) +
+            webRTCAdaptor.sanitizeHTML(message) +
             '</p><span class="time_date">' +
             date +
             "</span></div></div></div>"
@@ -390,7 +387,7 @@ <h2 text-align:center>Chat Window</h2>
       } else {
         $(
           '<div class="incoming_msg row"><div class="col" ><div class="received_msg"><div class="received_withd_msg"><p>' +
-            sanitizeHTML(message)  +
+            message  +
             '</p><span class="time_date">' +
             date +
             "</span></div></div></div>"
diff --git a/src/main/webapp/js/webrtc_adaptor.js b/src/main/webapp/js/webrtc_adaptor.js
index 35272306..c1182fe1 100644
--- a/src/main/webapp/js/webrtc_adaptor.js
+++ b/src/main/webapp/js/webrtc_adaptor.js
@@ -924,7 +924,12 @@ export class WebRTCAdaptor {
             Logger.debug("No event.candidate in the iceCandidate event");
         }
     }
-
+    // sanatize text if it contains script to prevent xss
+    sanitizeHTML(text) {
+        if(text.includes("script"))
+            return text.replace(/</g, "&lt;").replace(/>/g, "&gt;"); 
+        return text
+        }
     /**
      * Called internally to initiate Data Channel.
      * Note that Data Channel should be enabled fromAMS settings.
@@ -953,6 +958,7 @@ export class WebRTCAdaptor {
             var data = obj.data;
 
             if (typeof data === 'string' || data instanceof String) {
+                obj.data = this.sanitizeHTML(obj.data)
                 this.notifyEventListeners("data_received", obj);
             } else {
                 var length = data.length || data.size || data.byteLength;
diff --git a/src/main/webapp/samples/datachannel_only_webrtc_frame.html b/src/main/webapp/samples/datachannel_only_webrtc_frame.html
index 4256c9a3..777bb389 100644
--- a/src/main/webapp/samples/datachannel_only_webrtc_frame.html
+++ b/src/main/webapp/samples/datachannel_only_webrtc_frame.html
@@ -226,9 +226,7 @@
 					}
 					else if (info == "data_received") {
 						console.log("Data received: " + obj.data + " type: " + obj.type + " for stream: " + obj.streamId);
-						if (obj.data.eventType === undefined){
 						$("#dataMessagesTextarea").append("Received: " + obj.data + "\r\n");
-						}
 					}
 					else {
 						console.log( info + " notification received");
diff --git a/src/test/js/test/webrtc_adaptor.test.js b/src/test/js/test/webrtc_adaptor.test.js
index b34b1378..dec33e35 100644
--- a/src/test/js/test/webrtc_adaptor.test.js
+++ b/src/test/js/test/webrtc_adaptor.test.js
@@ -260,6 +260,20 @@ describe("WebRTCAdaptor", function() {
 
 	});
 
+	it("sanitize HTML",async function(){
+		var adaptor = new WebRTCAdaptor({
+			websocketURL: "ws://example.com",
+			isPlayMode: true
+		});
+		var scriptMsg = "<script>alert(1)</script>"; //message with script
+		var sanitizeMsg = adaptor.sanitizeHTML(scriptMsg);
+		assert.notEqual(scriptMsg,sanitizeMsg)
+
+		var text="hi how are you"; //message without script
+		var message = adaptor.sanitizeHTML(text)
+		assert.strictEqual(text,message)
+	})
+	
 	it("Reconnection for publish", async function()
 	{
 		var adaptor = new WebRTCAdaptor({