diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 6b4c2ef00..c0eca7f2b 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -74,11 +74,15 @@ class UploadsController < ApplicationController
   protected
   def extract_artist_commentary(upload, data)
     if data[:artist_commentary_desc]
-      upload.artist_commentary_title = data[:artist_commentary_title]
-      upload.artist_commentary_desc = data[:artist_commentary_desc]
+      upload.artist_commentary_title = strip_tags(data[:artist_commentary_title])
+      upload.artist_commentary_desc = strip_tags(data[:artist_commentary_desc])
     end
   end
+  def strip_tags(s)
+    HTML::FullSanitizer.new.sanitize(s)
+  end
+
   def find_post_by_url(normalized_url)
     if normalized_url.nil?
       Post.where(source: params[:url]).first
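Review bot: The new `strip_tags` method re-implements `ActionView::Helpers::SanitizeHelper#strip_tags`, which Rails already exposes to controllers via `ActionController::Base.helpers.strip_tags` with a memoized sanitizer, whereas this version allocates a fresh `HTML::FullSanitizer` on each of the two calls in `extract_artist_commentary`; `HTML::FullSanitizer` is also the legacy html-scanner constant that newer Rails releases keep only as a deprecated alias for `Rails::Html::FullSanitizer`, so depending on the Rails version in use this may start emitting deprecation warnings. Replacing the body with `ActionController::Base.helpers.strip_tags(s)` avoids both issues and keeps the same all-tags-removed semantics. The stripped value is still untrusted text rather than an `html_safe` string, so the helper deserves a comment making that explicit, e.g. `# Removes all HTML from externally sourced commentary; the result is plain text and must still be escaped when rendered.`. Note that the title is sanitized only when `data[:artist_commentary_desc]` is present, which the commit preserves from the old code; `find_post_by_url` and the enclosing class continue outside the hunk.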