diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 78040c55318ea9050dec03ffc27e9690354dc00c..cc65a9ba6a8a8e1053ce4eab376899cd5bba25a1 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -814,32 +814,13 @@ function strcasecmp_accents_callback() {
  */
 function purifyHtmlEventAttributes($value,$replaceAll = false){
 	
-$tmp_markers = $office365ImageMarkers =  array();
-$value = Vtiger_Functions::strip_base64_data($value,true,$tmp_markers);	
-$value = Vtiger_Functions::stripInlineOffice365Image($value,true,$office365ImageMarkers);		
-$tmp_markers = array_merge($tmp_markers, $office365ImageMarkers);
-
-$htmlEventAttributes = "onerror|onblur|onchange|oncontextmenu|onfocus|oninput|oninvalid|onresize|onauxclick|oncancel|oncanplay|oncanplaythrough|".
-                        "onreset|onsearch|onselect|onsubmit|onkeydown|onkeypress|onkeyup|onclose|oncuechange|ondurationchange|onemptied|onended|".
-                        "onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragexit|onformdata|onloadeddata|onloadedmetadata|".
-                        "ondragstart|ondrop|onmousedown|onmousemove|onmouseout|onmouseover|onmouseenter|onmouseleave|onpause|onplay|onplaying|".
-                        "onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste|onload|onprogress|onratechange|onsecuritypolicyviolation|".
-                        "onselectionchange|onabort|onselectstart|onstart|onfinish|onloadstart|onshow|onreadystatechange|onseeked|onslotchange|".
-                        "onseeking|onstalled|onsubmit|onsuspend|ontimeupdate|ontoggle|onvolumechange|onwaiting|onwebkitanimationend|onstorage|".
-                        "onwebkitanimationiteration|onwebkitanimationstart|onwebkittransitionend|onafterprint|onbeforeprint|onbeforeunload|".
-                        "onhashchange|onlanguagechange|onmessage|onmessageerror|onoffline|ononline|onpagehide|onpageshow|onpopstate|onunload|".
-                        "onrejectionhandled|onunhandledrejection|onloadend|onpointerenter|ongotpointercapture|onlostpointercapture|onpointerdown|".
-                        "onpointermove|onpointerup|onpointercancel|onpointerover|onpointerout|onpointerleave|onactivate|onafterscriptexecute|".
-                        "onanimationcancel|onanimationend|onanimationiteration|onanimationstart|onbeforeactivate|onbeforedeactivate|onbeforescriptexecute|".
-                        "onbegin|onbounce|ondeactivate|onend|onfocusin|onfocusout|onrepeat|ontransitioncancel|ontransitionend|ontransitionrun|".
-                        "ontransitionstart|onbeforecopy|onbeforecut|onbeforepaste|onfullscreenchange|onmozfullscreenchange|onpointerrawupdate|".
-                        "ontouchend|ontouchmove|ontouchstart";
-
+	$tmp_markers = $office365ImageMarkers =  array();
+	$value = Vtiger_Functions::strip_base64_data($value,true,$tmp_markers);	
+	$value = Vtiger_Functions::stripInlineOffice365Image($value,true,$office365ImageMarkers);		
+	$tmp_markers = array_merge($tmp_markers, $office365ImageMarkers);
     // remove malicious html attributes with its value.
     if ($replaceAll) {
-        $regex = '\s*[=&%#]\s*(?:"[^"]*"[\'"]*|\'[^\']*\'[\'"]*|[^]*[\s\/>])*/i';
-        $value = preg_replace("/\s*(" . $htmlEventAttributes . ")" . $regex, '', $value);
-		
+        $value = preg_replace('/\b(alert|on\w+)\s*\([^)]*\)|\s*(?:on\w+)=(".*?"|\'.*?\'|[^\'">\s]+)\s*/', '', $value);
         //remove script tag with contents
         $value = purifyScript($value);
         //purify javascript alert from the tag contents
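Review bot: The replacement pattern in the `$replaceAll` branch has no `i` modifier, so handler attributes written in upper or mixed case are no longer removed, although HTML attribute names are case-insensitive and the pattern it replaces ended in `/i`. It also requires `=` to follow the attribute name directly, and `.*?` stops at a line break, so a value separated by whitespace or spanning several lines is left in place; closing the pattern with `/is` and matching `\s*=\s*` between name and value covers both. The attribute alternative should begin with `\b` so that ordinary text such as `monkey=1` is not cut, and the `preg_replace` result should be checked for `null` before it is handed to `purifyScript`. The function body continues past the end of the hunk.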
diff --git a/layouts/v7/modules/Vtiger/Header.tpl b/layouts/v7/modules/Vtiger/Header.tpl
index 6e5e79f46fb100dc4c3ea3e08236e516e23019af..cd72c18daa43c2b5a01c4e5733f99f1780c9e42b 100644
--- a/layouts/v7/modules/Vtiger/Header.tpl
+++ b/layouts/v7/modules/Vtiger/Header.tpl
@@ -61,7 +61,7 @@
             {if $CURRENT_USER_MODEL}
                _USERMETA =  { 'id' : "{$CURRENT_USER_MODEL->get('id')}", 'menustatus' : "{$CURRENT_USER_MODEL->get('leftpanelhide')}", 
                               'currency' : "{decode_html($USER_CURRENCY_SYMBOL)}", 'currencySymbolPlacement' : "{$CURRENT_USER_MODEL->get('currency_symbol_placement')}",
-                          'currencyGroupingPattern' : "{$CURRENT_USER_MODEL->get('currency_grouping_pattern')}", 'truncateTrailingZeros' : "{$CURRENT_USER_MODEL->get('truncate_trailing_zeros')}",'userlabel':"{vtlib_purify(decode_html($CURRENT_USER_MODEL->get('userlabel')))}",};
+                          'currencyGroupingPattern' : "{$CURRENT_USER_MODEL->get('currency_grouping_pattern')}", 'truncateTrailingZeros' : "{$CURRENT_USER_MODEL->get('truncate_trailing_zeros')}",'userlabel':"{($CURRENT_USER_MODEL->get('userlabel'))|escape:html}",};
             {/if}
 		</script>
 	</head>
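Review bot: `userlabel` is written into a JavaScript string literal inside the `<script>` block, and `escape:html` is the wrong encoder for that context. Entities are not decoded in script data, so a label containing `&` or a quote reaches `_USERMETA` as literal `&amp;` or `&quot;`, while a backslash or line break passes through unescaped and can break the literal. Use the JavaScript escaper on the new line instead, `'userlabel':"{$CURRENT_USER_MODEL->get('userlabel')|escape:'javascript'}"`. The other `_USERMETA` values in the context lines are emitted with no escaping at all; if any of them can be edited by a user they need the same treatment. The `<script>` element opens before the hunk.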
diff --git a/modules/Users/Users.php b/modules/Users/Users.php
index b0ad5bd58992e3ea6253da2f59808d1ae4b4b36b..b88c9f8dc80954a434a3bfd912e5f44acd5a69dd 100755
--- a/modules/Users/Users.php
+++ b/modules/Users/Users.php
@@ -779,7 +779,7 @@ class Users extends CRMEntity {
 			}
 			$userlabel = trim(decode_html($userlabel));
 			
-			$this->column_fields['userlabel'] = strip_tags($userlabel);
+			$this->column_fields['userlabel'] = vtlib_strip_quoted(strip_tags($userlabel));
 		}
 
 		if($insertion_mode == 'edit') {
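Review bot: `vtlib_strip_quoted` is not defined anywhere in this diff, so what it removes cannot be confirmed from here; if it deletes quote characters, a name such as O'Brien is silently altered on every save. The filter also runs only when a user record is written, so labels stored before this change are untouched and the output escaping in `Header.tpl` remains the control that matters. A comment on the new line would make the intent clear, for example `// userlabel is echoed into a JS string in Header.tpl; strip quotes as defence in depth`. The enclosing method starts and ends outside the hunk.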