diff --git a/timeline/webapp/timeline/sparkline/jquery.sparkline.js b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
index b4dd24c91a8..286aef18f37 100644
--- a/timeline/webapp/timeline/sparkline/jquery.sparkline.js
+++ b/timeline/webapp/timeline/sparkline/jquery.sparkline.js
@@ -170,6 +170,16 @@ (function($) {
+ // Repeatedly remove all HTML comments, for complete multi-character sanitization.
+ function removeHtmlComments(input) {
+ let previous;
+ do {
+ previous = input;
+ input = input.replace(/\s*$)|\s+/g, '').split(',');
+ // Remove HTML comments ( and )
+ vals = removeHtmlComments(vals);
+ values = vals.replace(/\s+/g, '').split(',');
 } else {
 values = uservalues;
 }
diff --git a/timeline/webapp/timeline/sparkline/ui.tabs.js b/timeline/webapp/timeline/sparkline/ui.tabs.js
index 38f0a2c2b3c..3f17586de9c 100644
--- a/timeline/webapp/timeline/sparkline/ui.tabs.js
+++ b/timeline/webapp/timeline/sparkline/ui.tabs.js
@@ -62,7 +62,8 @@ $.widget("ui.tabs", {
 },
 _sanitizeSelector: function(hash) {
- return hash.replace(/:/g, '\\:'); // we need this because an id may contain a ":"
+ // First escape backslashes, then escape colons
+ return hash.replace(/\\/g, '\\\\').replace(/:/g, '\\:'); // we need this because an id may contain a ":"
 },
 _cookie: function() {
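Review bot: `removeHtmlComments` carries only a one-line comment, and the fixed-point loop is the security-relevant part, so a short JSDoc on the function should state why it loops: a single `replace` pass can leave a fresh comment delimiter behind when the removed text was itself nested inside a partial delimiter, which is what the hunk's "complete multi-character sanitization" wording appears to mean; I would add `/** Strip HTML comment markup from `input` until a pass removes nothing more; one pass is not enough because removing a comment can assemble a new one from the surrounding characters. @param {string} input @returns {string} */`. The loop terminates only if every iteration that changes `input` strictly shortens it, which holds for a pure deletion regex; worth stating in the comment so a later edit that substitutes a replacement string does not turn this into an infinite loop. As rendered here the comment-removal regex and the `// Remove HTML comments ( and )` line have lost their literal delimiter text (the `input = input.replace(/\s*$)|\s+/g, '').split(',');` line is not valid on its own), so the actual pattern could not be checked from this page. The enclosing plugin function `(function($) {` and the branch that assigns `vals` start outside the hunk.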
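Review bot: `_sanitizeSelector` still escapes only backslashes and colons, so any other jQuery selector metacharacter in `hash` (`.`, `#`, `[`, `]`, `(`, `)`, `,`, `>`, `+`, `~`, whitespace) is passed through unescaped and can still change which element the selector matches or throw a selector syntax error; `hash` presumably comes from an anchor `href` or `location.hash`, which is page-controlled text, so this should be a full escape rather than two special cases. A single character-class replace covers the whole set and also removes the ordering dependency the new comment has to explain: `return hash.replace(/([!"#$%&'()*+,./:;<=>?@[\\\]^`{|}~])/g, '\\$1');`. If the bundled jQuery is new enough to provide `$.escapeSelector`, delegating to it is preferable to maintaining the list here; the comment should then say that the escape applies to the id portion only. The `$.widget("ui.tabs", {` object that contains this method starts and ends outside the hunk.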