Index: trunk/webapps/cptms/js/cmsLayer.js
===================================================================
--- trunk/webapps/cptms/js/cmsLayer.js	(revision 426)
+++ trunk/webapps/cptms/js/cmsLayer.js	(revision 440)
@@ -90,18 +90,21 @@
         // apply the padding
         var padding = kBlanks.substring(0, padLen);
-        // Fix defect #122.   Remove semicolons from input.
-        message = message.replace(/;/gi, ""); 
         return padding + message;
     }
-
+    // Remove harmful characters from the message
+    // Fix defect #122.   
+    function sanitize(text)
+    {
+        return text.replace(/[;:,"]/gi, ""); 
+    }
     function handleCMSsubmit()
     {
         // recover the user's response
-        var response1 = document.getElementById('msgcontent1').value.trim();
-        var response2 = document.getElementById('msgcontent2').value.trim();
-        var response3 = document.getElementById('msgcontent3').value.trim();
-        var response4 = document.getElementById('msgcontent4').value.trim();
-        var response5 = document.getElementById('msgcontent5').value.trim();
-        var response6 = document.getElementById('msgcontent6').value.trim();
+        var response1 = sanitize(document.getElementById('msgcontent1').value.trim());
+        var response2 = sanitize(document.getElementById('msgcontent2').value.trim());
+        var response3 = sanitize(document.getElementById('msgcontent3').value.trim());
+        var response4 = sanitize(document.getElementById('msgcontent4').value.trim());
+        var response5 = sanitize(document.getElementById('msgcontent5').value.trim());
+        var response6 = sanitize(document.getElementById('msgcontent6').value.trim());
         var newMsg = response1 + response2 + response3 + response4 + response5 + response6;
         if (newMsg.length == 0)
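Review bot: `sanitize()` runs only in the browser, so the characters it strips (`;`, `:`, `,`, `"`) still reach the server from any client that posts the fields directly; the endpoint receiving this message must reject or encode them itself, and this helper should be treated as input tidying rather than the whole fix for defect #122. The comment above `sanitize` should name what these characters delimit downstream, e.g. `// Strip ; : , " (field delimiters in <FORMAT>); the server must enforce the same rule`, because "harmful" gives a maintainer nothing to check against when the format changes. The hunk also drops the semicolon stripping from the padding helper, so any other caller of that helper (none visible here) now passes semicolons through unchanged. Minor: the `i` flag does nothing on a punctuation-only class, and since `.trim()` runs before `sanitize()`, input such as `; text` keeps a leading space, which `sanitize(...).trim()` would avoid. Both the padding helper and `handleCMSsubmit` extend beyond the hunk.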
