diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php
index 11e691541b5e0fc95434cc1edb13332fa3bb5e4a..a204efc0419896098d489a4412364facb4091b98 100644
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -615,7 +615,8 @@ class Course_WikiController extends AuthenticatedController
 
         $this->validateWikiPage($page, $this->range, true);
 
-        $page->content = \Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::purifyHtml($page->content);
         $user = User::findCurrent();
         if ($page->isDirty()) {
             $page['user_id'] = $user->id;
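Review bot: The two added `$page->content` assignments put the unpurified request value on the model before overwriting it, and they rely on `purifyHtml()` preserving whatever marking `markAsHtml()` has just applied; a single expression avoids the intermediate state: `$page->content = Studip\Markup::purifyHtml(Studip\Markup::markAsHtml(trim(Request::get('content'))));`. `Markup::purifyHtml()` is not visible here, so it is worth confirming that the marking survives purification, since otherwise the saved page could be handled as non-HTML when displayed. Purifying only on save also leaves pages stored before this change, or written through any other path, unsanitized, so the render path should purify as well or existing content should be migrated. The enclosing method starts and ends outside the hunk.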