diff --git a/app/views/layouts/chat.rhtml b/app/views/layouts/chat.rhtml
index 6b6e6b1..c616a04 100644
--- a/app/views/layouts/chat.rhtml
+++ b/app/views/layouts/chat.rhtml
@@ -5,7 +5,7 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
     <meta name="description" content="<%= @environment.name %>" />
     <link rel="shortcut icon" href="<%= image_path(theme_favicon) %>" type="image/x-icon" />
-    <%= javascript_include_tag 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
+    <%= javascript_include_tag 'prototype', 'jquery-latest', 'jquery.noconflict', 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.scrollabletab', 'strophejs-1.0.1/strophe', 'jquery.emoticon', '/designs/icons/pidgin/emoticons.js', 'ba-linkify', 'jquery.ba-hashchange', 'jquery.sound', 'application', 'chat', :cache => 'cache-chat' %>
     <%= stylesheet_link_tag noosfero_stylesheets, :cache => 'cache' %>
     <%= stylesheet_link_tag icon_theme_stylesheet_path %>
     <%= stylesheet_link_tag theme_stylesheet_path %>
diff --git a/public/javascripts/chat.js b/public/javascripts/chat.js
index 057b199..35914a1 100644
--- a/public/javascripts/chat.js
+++ b/public/javascripts/chat.js
@@ -499,6 +499,7 @@ jQuery(function($) {
      if (e.keyCode == 13) {
         var jid = $(this).attr('data-to');
         var body = $(this).val();
+        body = body.stripScripts();
         Jabber.deliver_message(jid, body);
         $(this).val('');
         return false;
--
libgit2 0.21.2