diff --git a/pw/pw-xss/client/src/app/home/home.html b/pw/pw-xss/client/src/app/home/home.html
index 08d6cdbe..5190b8de 100644
--- a/pw/pw-xss/client/src/app/home/home.html
+++ b/pw/pw-xss/client/src/app/home/home.html
@@ -1,5 +1,5 @@
-

{{message}}

+

{{message}}

@@ -22,9 +22,9 @@

{{message}}

- - - + + > +
@@ -41,7 +41,7 @@

{{message}}

And the news of the day is...

-

{{newsOfTheDay.content}} from {{newsOfTheDay.author}}

+

from {{newsOfTheDay.author}}

\ No newline at end of file
diff --git a/pw/pw-xss/client/src/app/home/home.ts b/pw/pw-xss/client/src/app/home/home.ts
index 189f38e3..19806b63 100644
--- a/pw/pw-xss/client/src/app/home/home.ts
+++ b/pw/pw-xss/client/src/app/home/home.ts
@@ -3,7 +3,7 @@ import { Observable } from 'rxjs';
 import { NewsService } from '../services/newsService';
 import { News } from '../beans/news';
-// import {DomSanitizer} from '@angular/platform-browser'
+import {DomSanitizer} from '@angular/platform-browser'
 @Component({
 selector: 'home',
@@ -15,17 +15,17 @@ export class Home implements OnInit {
 news: News[] = [];
 newsOfTheDay: News = {};
 nextNews: News = {};
- //trustedUrl: string;
+ trustedUrl: string = '';
 constructor(
 private newsService: NewsService,
- // private sanitizer: DomSanitizer
+ private sanitizer: DomSanitizer
 ) {}
 ngOnInit() {
 // javascript: URLs are dangerous if attacker controlled.
 // Angular sanitizes them in data binding, but you can
 // explicitly tell Angular to trust this value:
- //this.trustedUrl = this.sanitizer.bypassSecurityTrustUrl('javascript:alert("Don\'t forget to add a comment in the bottom please!")');
+ this.trustedUrl = this.sanitizer.bypassSecurityTrustUrl('javascript:alert("Don\'t forget to add a comment in the bottom please!")');
 this.updateNews();
 }
@@ -38,7 +38,7 @@ export class Home implements OnInit {
 this.newsOfTheDay = news;
 // uncomment the line below only for demo purpose, don't do this in a real situation
 // if you want to force a given scripting which you trust and is under you strict control (never from user input), use DomSanitizer#bypassSecurityTrustHtml(String) method
- //this.newsOfTheDay.content = this.sanitizer.bypassSecurityTrustHtml(this.newsOfTheDay.content);
+ this.newsOfTheDay.content = this.sanitizer.bypassSecurityTrustHtml('');
 });
 }
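Review bot: `trustedUrl: string = ''` in the second home.ts hunk does not match what `ngOnInit` assigns to it, because `DomSanitizer.bypassSecurityTrustUrl` returns a `SafeUrl`, so this should fail type-checking under `strict`; declare it as `trustedUrl: SafeUrl | string = '';` and widen the import to `import { DomSanitizer, SafeUrl } from '@angular/platform-browser';`. The third hunk has the same shape: `this.newsOfTheDay.content = this.sanitizer.bypassSecurityTrustHtml('')` stores a `SafeHtml` into `content`, which is presumably typed `string` on `News` (its bean is outside this diff) — confirm the bean's type or keep the trusted value in a separate `SafeHtml` field rather than overwriting the service data. Trusting an empty string also means the news-of-the-day content is never rendered, which is a reasonable choice for a demo but should be stated in the comment above that line, e.g. `// demo only: an empty value is marked trusted so no service-supplied markup is ever bypassed`. The class, the constructor and the subscribe callback in the third hunk all begin or end outside these hunks.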
Latest news from Web & Mobile Framework Team
{{currentNew.author}}{{currentNew.category}}{{currentNew.content}}