diff --git a/deploy/lib/Filter.php b/deploy/lib/Filter.php
index e1e09ae00..f703fc487 100644
--- a/deploy/lib/Filter.php
+++ b/deploy/lib/Filter.php
@@ -25,14 +25,19 @@ public static function toInt($dirty) {
 // Cast anything that can be non-destructively cast.
 }
+ public static function filter_string_polyfill(string $string): string {
+ $str = preg_replace('/\x00|<[^>]*>?/', '', $string);
+ return str_replace(["'", '"'], [''', '"'], $str);
+ }
+
 /**
 * Strip low and high ascii characters, leave standard keyboard characters
 */
 public static function toSimple($dirty) {
- return filter_var(
+ return static::filter_string_polyfill(filter_var(
 str_replace(['"', '\''], '', $dirty),
- FILTER_SANITIZE_STRING,
+ FILTER_SANITIZE_FULL_SPECIAL_CHARS,
 FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH
- );
+ ));
 }
 }
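Review bot: In the new `toSimple`, the polyfill's `<[^>]*>?` tag stripping never fires, because `FILTER_SANITIZE_FULL_SPECIAL_CHARS` has already entity-encoded every `<`, `>`, `&` and quote before `filter_string_polyfill` runs. The net effect versus the old `FILTER_SANITIZE_STRING` path is that `&` now comes back as `&amp;`, and the `FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH` flags are ignored (that filter honours only `FILTER_FLAG_NO_ENCODE_QUOTES`), so the docblock's "strip low and high ascii" promise no longer holds and, if I read htmlspecialchars' UTF-8 handling right, an input containing an invalid byte sequence collapses to an empty string instead of losing just those bytes. To keep the old semantics without the deprecated filter, drop the `filter_var` call and strip the bytes explicitly: `$bytes = preg_replace('/[\x00-\x1F\x7F-\xFF]/', '', str_replace(['"', '\''], '', (string) $dirty));` then `return static::filter_string_polyfill($bytes);`. The entity array in `filter_string_polyfill` renders here as bare quote characters, which looks like decoded `&#39;`/`&#34;`; if the committed file really reads `[''', '"']` it is a parse error, so worth confirming. Either way a short docblock on the polyfill, e.g. `/** Mimics the removed FILTER_SANITIZE_STRING: drops NUL bytes and tags, entity-encodes quotes. */`, would spare the next reader from re-deriving why it exists.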