diff --git a/include/ws_functions/pwg.categories.php b/include/ws_functions/pwg.categories.php
index 8e0983db3..37b05664b 100644
--- a/include/ws_functions/pwg.categories.php
+++ b/include/ws_functions/pwg.categories.php
@@ -565,11 +565,12 @@ function ws_categories_add($params, &$service)
 if (!empty($params['comment']))
 {
- $options['comment'] = $params['comment'];
+ // TODO do not strip tags if pwg_token is provided (and valid)
+ $options['comment'] = strip_tags($params['comment']);
 }
 $creation_output = create_virtual_category(
- $params['name'],
+ strip_tags($params['name']), // TODO do not strip tags if pwg_token is provided (and valid)
 $params['parent'],
 $options
 );
@@ -634,7 +635,8 @@ SELECT *
 if (isset($params[$key]))
 {
 $perform_update = true;
- $update[$key] = $params[$key];
+ // TODO do not strip tags if pwg_token is provided (and valid)
+ $update[$key] = strip_tags($params[$key]);
 }
 }
diff --git a/include/ws_functions/pwg.images.php b/include/ws_functions/pwg.images.php
index 84946e1f1..ae609d698 100644
--- a/include/ws_functions/pwg.images.php
+++ b/include/ws_functions/pwg.images.php
@@ -1648,6 +1648,9 @@ SELECT *
 $params[$key] = strip_tags($params[$key], '');
 }
+ // TODO do not strip tags if pwg_token is provided (and valid)
+ $params[$key] = strip_tags($params[$key]);
+
 if ('fill_if_empty' == $params['single_value_mode'])
 {
 if (empty($image_row[$key]))
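Review bot: The `strip_tags()` calls added to `$options['comment']` and `strip_tags($params['name'])` in ws_categories_add, and again in the `$update[$key]` hunk below and in pwg.images.php, are lossy input mutation rather than output escaping — strip_tags discards everything from a `<` to the next `>`, so a legitimate name or comment containing angle brackets is silently truncated, and the stored value still needs `htmlspecialchars()` (or the context-appropriate escape) wherever it is rendered. The TODO repeated verbatim in all three places also conflates the CSRF token with an authorisation decision: a valid pwg_token shows the request came from the current session, not that raw HTML from that caller is safe to store and display, so if the TODO is acted on, the render-side escaping must be documented alongside it. Rather than three copies of the same comment, a single helper such as `$options['comment'] = ws_strip_tags($params['comment']); // lossy; output must still be escaped per context` (name constructed) would keep the policy in one place. ws_categories_add continues outside this hunk.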
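Review bot: The new unconditional `$params[$key] = strip_tags($params[$key]);` makes the conditional `$params[$key] = strip_tags($params[$key], '');` two lines above redundant — an empty allowed-tags argument strips every tag just as the default does, so on that path the value is stripped twice and the older guarded call no longer affects the result. Either remove the guarded call or keep the new line as the single stripping site so a reader is not left wondering which condition the `''` branch was meant to cover. The enclosing function, and the loop that binds `$key`, begin before this hunk, so it is not visible here whether `$params[$key]` can ever be a non-string value that `strip_tags()` would reject under strict typing.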