diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
index 6e6697ad23..3f5c07aad6 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/util/ParamsUtil.java
@@ -21,6 +21,10 @@ public class ParamsUtil {
     return text.replaceAll("\\p{Cc}", "").trim();
   }
 
+  public static String stripTags(String text) {
+    return text.replaceAll("<[^>]*>", "");
+}
+
   public static String escapeHTMLTags(String value) {
     return StringEscapeUtils.escapeHtml4(value);
   }
diff --git a/bigbluebutton-html5/imports/ui/components/chat/service.js b/bigbluebutton-html5/imports/ui/components/chat/service.js
index aaceb63a3b..71fe57125a 100755
--- a/bigbluebutton-html5/imports/ui/components/chat/service.js
+++ b/bigbluebutton-html5/imports/ui/components/chat/service.js
@@ -346,13 +346,14 @@ const removePackagedClassAttribute = (classnames, attribute) => {
 };
 
 const getExportedPresentationString = (fileURI, filename, intl, fileStateType) => {
+  const sanitizedFilename = stripTags(filename);
   const intlFileStateType = fileStateType === 'Original' ? intlMessages.original : intlMessages.withWhiteboardAnnotations;
   const href = `${APP.bbbWebBase}/${fileURI}`;
   const warningIcon = '<i class="icon-bbb-warning"></i>';
   const label = `<span>${intl.formatMessage(intlMessages.download)}</span>`;
   const notAccessibleWarning = `<span title="${intl.formatMessage(intlMessages.notAccessibleWarning)}">${warningIcon}</span>`;
   const link = `<a aria-label="${intl.formatMessage(intlMessages.notAccessibleWarning)}" href=${href} type="application/pdf" target="_blank" rel="noopener, noreferrer" download>${label}&nbsp;${notAccessibleWarning}</a>`;
-  const name = `<span>${filename} (${intl.formatMessage(intlFileStateType)})</span>`;
+  const name = `<span>${sanitizedFilename} (${intl.formatMessage(intlFileStateType)})</span>`;
   return `${name}</br>${link}`;
 };
 
diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/PresentationController.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/PresentationController.groovy
index e87b34c5f2..5d5d50f251 100755
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/PresentationController.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/PresentationController.groovy
@@ -30,6 +30,7 @@ import org.apache.commons.io.FilenameUtils;
 import org.bigbluebutton.web.services.PresentationService
 import org.bigbluebutton.presentation.UploadedPresentation
 import org.bigbluebutton.api.MeetingService;
+import org.bigbluebutton.api.util.ParamsUtil;
 import org.bigbluebutton.api.Util;
 
 class PresentationController {
@@ -161,6 +162,7 @@ class PresentationController {
       // Gets the name minus the path from a full fileName.
       // a/b/c.txt --> c.txt
       presFilename =  FilenameUtils.getName(presOrigFilename)
+      presFilename = ParamsUtil.stripTags(presFilename)
       filenameExt = FilenameUtils.getExtension(presFilename)
     } else {
       log.warn "Upload failed. File Empty."