diff --git a/common/src/java/com/zimbra/common/util/Props2Js.java b/common/src/java/com/zimbra/common/util/Props2Js.java
index 8376a5601f3..65f8095ba83 100644
--- a/common/src/java/com/zimbra/common/util/Props2Js.java
+++ b/common/src/java/com/zimbra/common/util/Props2Js.java
@@ -178,8 +178,7 @@ private static void printEscaped(DataOutputStream out, String s)
 } // printEscaped(PrintStream,String)
 
 public static String getCommentSafeString(String st) {
- return st.replaceAll("<", "") //make sure you can't start a "script" tag within the comment cuz genius IE supposedly exectutes it
- .replaceAll("\n", ""); //make sure no newline can be injected to start a malicious script too
+ return st.replaceAll("[^A-Za-z0-9_\\-./]", "");
 }
 
 public static void main(String[] argv) throws Exception {
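Review bot: The allow-list in getCommentSafeString is a sound replacement for the two blacklist replaceAll calls, but the commit also drops the only explanation of why the method exists, and `String.replaceAll` recompiles the regex on every call. I would hoist it to a constant, `private static final Pattern COMMENT_UNSAFE = Pattern.compile("[^A-Za-z0-9_\\-./]");` with `return COMMENT_UNSAFE.matcher(st).replaceAll("");` (adding the `java.util.regex.Pattern` import if the file lacks it), and restore the rationale as a Javadoc saying the result is meant to be embedded in a generated JS/HTML comment and that every character outside `[A-Za-z0-9_\-./]` is removed so no `</script>`, `-->`, `*/` or line terminator (including U+2028/U+2029, which the old `\n`-only check let through) can close the comment or open a tag. The new filter also strips every non-ASCII letter, which is presumably acceptable for comment text but should be stated in the doc so the helper is not reused for user-visible or localized strings; the call sites are outside this hunk, so I cannot confirm the intended use. Behavior on a null argument is unchanged (NullPointerException), which is worth a one-line `@throws` note.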