Index: trunk/webapps/cptms/js/harLayer.js
===================================================================
--- trunk/webapps/cptms/js/harLayer.js	(revision 426)
+++ trunk/webapps/cptms/js/harLayer.js	(revision 440)
@@ -77,5 +77,5 @@
         var response1 = document.getElementById('har-msgcontent1').value.trim();
 
-        var newMsg = response1.replace(/;/gi, "");  // remove semicolons from input
+        var newMsg = response1.replace(/[;:",]/gi, "");  // remove semicolons from input
 
         if (newMsg.length == 0)
@@ -85,7 +85,7 @@
         else
         {
-            document.getElementById('har-msgdisplay1').value = response1;
+            document.getElementById('har-msgdisplay1').value = newMsg;
 
-            saveHARMessage(response1);
+            saveHARMessage(newMsg);
         }
     }
Index: trunk/webapps/cptms/js/cmsLayer.js
===================================================================
--- trunk/webapps/cptms/js/cmsLayer.js	(revision 426)
+++ trunk/webapps/cptms/js/cmsLayer.js	(revision 440)
@@ -90,18 +90,21 @@
         // apply the padding
         var padding = kBlanks.substring(0, padLen);
-        // Fix defect #122.   Remove semicolons from input.
-        message = message.replace(/;/gi, ""); 
         return padding + message;
     }
-
+    // Remove harmful characters from the message
+    // Fix defect #122.   
+    function sanitize(text)
+    {
+        return text.replace(/[;:,"]/gi, ""); 
+    }
     function handleCMSsubmit()
     {
         // recover the user's response
-        var response1 = document.getElementById('msgcontent1').value.trim();
-        var response2 = document.getElementById('msgcontent2').value.trim();
-        var response3 = document.getElementById('msgcontent3').value.trim();
-        var response4 = document.getElementById('msgcontent4').value.trim();
-        var response5 = document.getElementById('msgcontent5').value.trim();
-        var response6 = document.getElementById('msgcontent6').value.trim();
+        var response1 = sanitize(document.getElementById('msgcontent1').value.trim());
+        var response2 = sanitize(document.getElementById('msgcontent2').value.trim());
+        var response3 = sanitize(document.getElementById('msgcontent3').value.trim());
+        var response4 = sanitize(document.getElementById('msgcontent4').value.trim());
+        var response5 = sanitize(document.getElementById('msgcontent5').value.trim());
+        var response6 = sanitize(document.getElementById('msgcontent6').value.trim());
         var newMsg = response1 + response2 + response3 + response4 + response5 + response6;
         if (newMsg.length == 0)