diff --git a/lib/xss.js b/lib/xss.js index fb04129d..0ab7f297 100644 --- a/lib/xss.js +++ b/lib/xss.js @@ -158,7 +158,7 @@ function sanitizeHTML(str) { delete t.attributes[k]; } else { if (t.attributes[k].match(badAttrValues)) { - t.attributes[k] = t.attributes[k].replace(badAttrValues, ""); + t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]"); } var k2 = k.replace(/[^\w]/g, ""); @@ -179,4 +179,15 @@ function sanitizeHTML(str) { return str; } +function sanitizeText(str) { + str = str.replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'") + .replace(/\(/g, "(") + .replace(/\)/g, ")"); + return str; +} + module.exports.sanitizeHTML = sanitizeHTML; diff --git a/tests/xss.js b/tests/xss.js index 45aa46cc..b6088aea 100644 --- a/tests/xss.js +++ b/tests/xss.js @@ -8,8 +8,8 @@ function basicTest() { assert(sanitize("< img src=asdf onerror='alert(\"xss\")'>") === ""); - assert(sanitize("") === - ""); + assert(sanitize("") === + ""); assert(sanitize("");
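Review bot: The new `[removed]` substitution on the `+` line of the first hunk still runs a single `replace` pass, so if `badAttrValues` (defined outside this hunk) is a non-global regex or a plain string only the first occurrence is touched, and nested occurrences such as `javajavascript:script:` collapse back into a forbidden token after one pass. Either loop until the match no longer fires, `while (t.attributes[k].match(badAttrValues)) { t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]"); }` — safe only if `[removed]` itself can never match `badAttrValues`, which should be stated in a comment — or drop the attribute the same way the bad-name branch just above does with `delete t.attributes[k];`. A one-line comment explaining that the marker is deliberate (stripping made visible rather than silent) would also help, since it now changes the attribute's output value. sanitizeHTML starts before this hunk and continues after it.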
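Review bot: `sanitizeText` is added in the second hunk but, within this diff, never exported — the hunk ends on the unchanged `module.exports.sanitizeHTML = sanitizeHTML;` line with no `module.exports.sanitizeText = sanitizeText;` after it — and nothing in the patch calls it, so unless a caller exists outside the diff the new function is dead code; add `module.exports.sanitizeText = sanitizeText;`. The replacement strings as rendered here (`"&"` for `&`, `'"'` for `"`) look entity-decoded by the page extraction, so I am reading them as the intended `&amp;`, `&lt;`, `&gt;`, `&quot;` sequences; the `&` rule must stay first, because every later rule emits an `&` that would be re-escaped if the `&` rule ran after it. A single pass over a lookup table, `return String(str).replace(/[&<>"'()]/g, (c) => ESCAPES[c]);`, removes that ordering dependence and also tolerates a non-string argument, which currently throws on the first `.replace`. A header comment stating the contract — `// Escapes text for HTML text/attribute content; not sufficient inside <script>, URLs or CSS` — would stop callers from using it in the wrong context.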