diff --git a/src/main/webapp/js/grapheditor/Graph.js b/src/main/webapp/js/grapheditor/Graph.js
index 9825791160..9db6f3748c 100644
--- a/src/main/webapp/js/grapheditor/Graph.js
+++ b/src/main/webapp/js/grapheditor/Graph.js
@@ -1663,7 +1663,7 @@ Graph.removePasteFormatting = function(elt)
 */
 Graph.sanitizeHtml = function(value, editing)
 {
- return DOMPurify.sanitize(value, {ADD_ATTR: ['target'], FORBID_TAGS: ['form'],
+ return DOMPurify.sanitize(value, {ADD_ATTR: ['target'], FORBID_TAGS: ['form'],
 ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp|data):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i});
 };
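Review bot: `FORBID_TAGS: ['form']` on the changed `return` line drops only the `<form>` wrapper. DOMPurify keeps a forbidden element's children by default (`KEEP_CONTENT` is true), so `input`, `button`, `select` and `textarea` inside a submitted form still reach the rendered label. If the intent is to keep untrusted diagram HTML from presenting form UI (for example a fake credential prompt), consider `FORBID_TAGS: ['form', 'input', 'button', 'select', 'textarea'],`, after confirming that no legitimate label relies on those controls. The reason for the restriction is not recorded anywhere in the hunk; a line such as `// Forms are stripped so that untrusted label HTML cannot submit data to a third-party origin` in the doc comment above would help, worded to match the actual motivation. The doc comment starts outside this hunk, and the `editing` parameter is unused in the visible body.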