diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h index 636612dc4..19a6d33c9 100644 --- a/SoObjects/SOGo/NSString+Utilities.h +++ b/SoObjects/SOGo/NSString+Utilities.h @@ -76,6 +76,8 @@ /* OpenSSL multiline DN */ - (NSArray *) componentsFromMultilineDN; +/* XSS protection */ +- (NSString *) removeHTMLTagsExceptAnchorTags; - (NSString *) stringWithoutHTMLInjection: (BOOL)stripHTMLCode; #ifndef GNUSTEP_BASE_LIBRARY diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m index d5b77c62d..31f6291be 100644 --- a/SoObjects/SOGo/NSString+Utilities.m +++ b/SoObjects/SOGo/NSString+Utilities.m @@ -903,6 +903,28 @@ static int cssEscapingCount; return result; } +/** + * Remove all HTML tags except for + * @return A clean string + */ +- (NSString *)removeHTMLTagsExceptAnchorTags { + NSError *error; + NSRegularExpression *regex; + NSString *stringWithoutHTML; + + error = nil; + + regex = [NSRegularExpression regularExpressionWithPattern: @"<(?!a|\\/a\\b)[^>]*>" options: NSRegularExpressionCaseInsensitive error: &error]; + stringWithoutHTML = [regex stringByReplacingMatchesInString: self options: 0 range: NSMakeRange(0, [self length]) withTemplate:@""]; + + if (error) { + [self logWithFormat: @"Error while removing tags : %@", [error localizedDescription]]; + return self; + } + + return stringWithoutHTML; +} + /** * Get the safe string avoiding HTML injection * @param stripHTMLCode Remove all HTML code from content diff --git a/Tests/Unit/TestNSString+Utilities.m b/Tests/Unit/TestNSString+Utilities.m index d1384932e..71ccd0825 100644 --- a/Tests/Unit/TestNSString+Utilities.m +++ b/Tests/Unit/TestNSString+Utilities.m @@ -118,5 +118,9 @@ testEquals([[NSString stringWithString:@"
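Review bot: The `/* XSS protection */` label placed above the new declaration overstates what `removeHTMLTagsExceptAnchorTags` delivers: by its name (and per the implementation in the .m hunk of this commit) anchor tags are retained whole, so their `href` and any event-handler attributes reach the output unfiltered. A header comment should state the contract rather than the goal, e.g. `/* Strip HTML tags but keep <a>...</a> verbatim (attributes included); not a complete XSS filter on its own */`, so callers do not treat the result as sanitized HTML.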
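Review bot: The negative lookahead in the added pattern, `<(?!a|\/a\b)[^>]*>`, applies `\b` only to the closing-tag alternative, so any tag whose name merely starts with `a` — `<audio src=x onerror=...>`, `<applet>`, `<abbr onmouseover=...>`, `<area>` — survives the strip alongside real anchors; `@"<(?!a\\b|\\/a\\b)[^>]*>"` limits the exception to `<a ...>` and `</a>`. Anchors themselves are kept byte-for-byte, attributes included, so `href="javascript:..."` and `on*` handlers pass straight through; if the result is rendered as HTML the caller still needs an href scheme allow-list and attribute stripping on the surviving `<a>` tags (whether `stringWithoutHTMLInjection:` provides that is not visible here), and the "XSS protection" wording should not suggest otherwise. The `if (error)` test runs only after `regex` has already been sent `stringByReplacingMatchesInString:`, which on a nil regex silently yields nil; check `regex == nil` (or the error) right after `regularExpressionWithPattern:` and return `self` there. The doc comment is also truncated — `* Remove all HTML tags except for` should read `* Remove all HTML tags except anchor (<a>/</a>) tags, which are kept unchanged together with their attributes`.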
"] cleanInvalidHTMLTags], @""); } +- (void) test_stringRemoveHTMLTagsExceptAnchorTags +{ + testEquals([[NSString stringWithString:@"