diff --git a/src/components/Common/MarkdownPreview.tsx b/src/components/Common/MarkdownPreview.tsx
index f20b89fe766..e4a353fd231 100644
--- a/src/components/Common/MarkdownPreview.tsx
+++ b/src/components/Common/MarkdownPreview.tsx
@@ -46,16 +46,26 @@ const MarkdownPreview = ({
     title?: string | null;
     text: string;
   }) {
+    try {
+      const url = new URL(href);
+      if (!["http:", "https:"].includes(url.protocol)) {
+        return text;
+      }
+      href = url.toString();
+    } catch {
+      return text;
+    }
     return `<a href="${href}" target="_blank" rel="noopener noreferrer" title="${
       title || ""
     }">${text}</a>`;
   };
 
   const processedMarkdown = markdown
-    .replace(/@(\w+)/g, (_, username) => {
+    .replace(/@([a-zA-Z0-9_]{3,30})/g, (_, username) => {
       const user = MentionedUsers[username];
       if (user) {
-        return `<span class="mention cursor-pointer font-medium text-primary hover:underline" data-username="${username}">@${username}</span>`;
+        const sanitizedUsername = username.replace(/[<>"'&]/g, "");
+        return `<span class="mention cursor-pointer font-medium text-primary hover:underline" data-username="${sanitizedUsername}">@${sanitizedUsername}</span>`;
       } else {
         return `@${username}`;
       }
diff --git a/src/components/Facility/DoctorNote.tsx b/src/components/Facility/DoctorNote.tsx
index 19300b67c7c..5b6fbcd538f 100644
--- a/src/components/Facility/DoctorNote.tsx
+++ b/src/components/Facility/DoctorNote.tsx
@@ -10,7 +10,7 @@ import {
 
 interface DoctorNoteProps {
   state: PatientNoteStateType;
-  setReload: any;
+  setReload?: (value: boolean) => void;
   handleNext: () => void;
   disableEdit?: boolean;
   setReplyTo?: (reply_to: PatientNotesModel | undefined) => void;