diff --git a/owasp-top10-2021-apps/a5/vinijr-blog/app/contact.php b/owasp-top10-2021-apps/a5/vinijr-blog/app/contact.php
index a501a26c0..209cf3fa4 100644
--- a/owasp-top10-2021-apps/a5/vinijr-blog/app/contact.php
+++ b/owasp-top10-2021-apps/a5/vinijr-blog/app/contact.php
@@ -1,12 +1,26 @@ loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);
+
+$dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD | LIBXML_NOERROR | LIBXML_NOWARNING);
+
 $contact = simplexml_import_dom($dom);
-$name = $contact->name;
-$email = $contact->email;
-$subject = $contact->subject;
-$message = $contact->message;
-echo "Thanks for the message, $name !";
-?>
+if (isset($contact->name) && isset($contact->email) && isset($contact->subject) && isset($contact->message)) {
+ $name = htmlspecialchars($contact->name, ENT_QUOTES, 'UTF-8');
+ $email = filter_var($contact->email, FILTER_VALIDATE_EMAIL);
+ $subject = htmlspecialchars($contact->subject, ENT_QUOTES, 'UTF-8');
+ $message = htmlspecialchars($contact->message, ENT_QUOTES, 'UTF-8');
+
+ if ($email !== false) {
+ echo "Thanks for the message, $name!";
+ } else {
+ echo "Invalid email address!";
+ }
+} else {
+ echo "Invalid XML format!";
+}
+
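Review bot: The rewritten `$dom->loadXML(...)` call still passes `LIBXML_NOENT | LIBXML_DTDLOAD`, so the parser keeps substituting entities and loading DTDs for XML read from the request body; the output escaping and email validation added below do not change that, and if this hunk is meant as a hardening change the line should become `$dom->loadXML($xmlfile, LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING);` (if the lab is meant to stay deliberately vulnerable, a comment on that line saying so would prevent the next reader from taking the new checks as a fix). The return value of `loadXML` is also discarded while `LIBXML_NOERROR | LIBXML_NOWARNING` suppress its diagnostics, so a malformed document falls through to `simplexml_import_dom` silently; `if ($dom->loadXML(...) === false) { echo "Invalid XML format!"; exit; }` would make that path explicit instead of relying on the later `isset` checks to catch it. `$subject` and `$message` are assigned on the new side but never used. The opening of the file (the `<?php` prologue and the `$dom` construction) is not visible in this rendering, and the line before the first `+` has lost its marker, so the hunk's start is only partially shown here.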