diff --git a/pandora_console/operation/messages/message_edit.php b/pandora_console/operation/messages/message_edit.php
index 039222436e..0b9bca18ad 100644
--- a/pandora_console/operation/messages/message_edit.php
+++ b/pandora_console/operation/messages/message_edit.php
@@ -127,17 +127,7 @@ if ($read_message) {
             ).' '.$user_name;
         }
 
-        $order = [
-            "\r\n",
-            "\n",
-            "\r",
-        ];
-        $replace = '<br />';
-        $parsed_message = str_replace(
-            $order,
-            $replace,
-            trim(io_safe_output($row['message']))
-        );
+        $parsed_message = nl2br(htmlspecialchars(trim(io_safe_output($row['message']))));
 
         echo '<div class="container">';
         echo '  <p>'.$parsed_message.'</p>';