diff --git a/modules/Users/actions/Save.php b/modules/Users/actions/Save.php
index 46c811da135ef37670fd45a7bf7e564269f3eeea..2d2088431c1cfa7983aff4f9992f395453864755 100644
--- a/modules/Users/actions/Save.php
+++ b/modules/Users/actions/Save.php
@@ -78,8 +78,9 @@ class Users_Save_Action extends Vtiger_Save_Action {
 			}
             if($fieldName == 'signature' && $fieldValue !== null){
                 $fieldValue = $request->getRaw($fieldName);
-                $processedContent = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $fieldValue);
-                $fieldValue = to_html(purifyHtmlEventAttributes($processedContent,TRUE));
+                $purifiedContent = vtlib_purify(decode_html($fieldValue));
+                // Purify malicious html event attributes
+                $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);
 			}
 
 			if($fieldValue !== null) {
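Review bot: The second `decode_html()` on the line that assigns `$fieldValue` runs after `vtlib_purify()`, so markup that the purifier left as inert entity-encoded text may be turned back into live tags before the value is stored, with only the event-attribute pass looking at the result. This assumes `decode_html()` performs entity decoding and `purifyHtmlEventAttributes()` deals with attributes only; neither helper is visible in this diff, so please confirm. If the second decode is not required, `$fieldValue = purifyHtmlEventAttributes($purifiedContent, true);` keeps the purifier's output intact; if it is required, the purifier should run last, and a regression test with entity-encoded markup in the signature would pin the behaviour. The same sequence is added in the `notecontent` hunk of modules/Vtiger/actions/Save.php. The enclosing loop and method begin and end outside this hunk.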
diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php
index 8b184db815e710a705b6969bd34107262a91fd20..5a7c00d1b16cde1208a7493e8bcedd6305bb39fa 100644
--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -162,8 +162,9 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
 			}
             if($fieldName == 'notecontent' && $fieldValue !== null){
                 $fieldValue = $request->getRaw($fieldName);
-                $processedContent = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $fieldValue);
-                $fieldValue = to_html(purifyHtmlEventAttributes($processedContent,TRUE));
+                $purifiedContent = vtlib_purify(decode_html($fieldValue));
+                // Purify malicious html event attributes
+                $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);
 			}
 			if($fieldValue !== null) {
 				if(!is_array($fieldValue) && $fieldDataType != 'currency') {
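Review bot: The three added lines for `notecontent` are a verbatim copy of the sanitisation added for `signature` in modules/Users/actions/Save.php, so a later fix to one copy can easily miss the other. Consider moving the sequence into one shared helper that both save actions call, with a docblock stating the expected input encoding and whether the returned value is stored entity-encoded now that `to_html()` is no longer applied. The existing comment `// Purify malicious html event attributes` could then be extended to say why `decode_html()` is applied a second time. The enclosing method continues outside the hunk.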