diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 76622c50..b4561f80 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -202,11 +202,15 @@ module ApplicationHelper
 end
 def format_note(note)
- note.gsub!(//, '>')
 note = markdown(note)
 note = auto_link_message(note)
 note = auto_link(note)
+
+ # add onenote and message protocols
+ Sanitize::Config::RELAXED[:protocols]['a']['href'] << 'onenote'
+ Sanitize::Config::RELAXED[:protocols]['a']['href'] << 'message'
+
+ note = Sanitize.clean(note, Sanitize::Config::RELAXED)
 return note
 end
 end
diff --git a/app/models/todo.rb b/app/models/todo.rb
index 82c19cb2..38580d3f 100644
--- a/app/models/todo.rb
+++ b/app/models/todo.rb
@@ -286,7 +286,15 @@ class Todo < ActiveRecord::Base
 def active_to_block
 return successors.find_all {|t| t.active? or t.deferred?}
 end
-
+
+ def notes=(value)
+ super(value.gsub(//, '>'))
+ end
+
+ def raw_notes=(value)
+ self[:notes] = value
+ end
+
 # Rich Todo API
 def self.from_rich_message(user, default_context_id, description, notes)
@@ -324,7 +332,7 @@ class Todo < ActiveRecord::Base
 todo = user.todos.build
 todo.description = description
- todo.notes = notes
+ todo.raw_notes = notes
 todo.context_id = context_id
 todo.project_id = project_id unless project_id.nil?
 return todo
diff --git a/config/environment.rb b/config/environment.rb
index 0b26e5eb..981ebeb2 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -23,6 +23,7 @@ Rails::Initializer.run do |config|
 config.gem "RedCloth"
 config.gem "soap4r", :lib => false
 config.gem 'datanoise-actionwebservice', :lib => 'actionwebservice'
+ config.gem 'sanitize'
 config.action_controller.use_accept_header = true
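Review bot: The two `<<` lines inside `format_note` mutate the gem's shared `Sanitize::Config::RELAXED` constant on every call, so each rendered note appends another `'onenote'` and `'message'` entry to the href protocol whitelist, the array grows without bound, and every other caller of `Sanitize.clean` with `RELAXED` in this process silently inherits the widened scheme list. Building a private copy of the config once, at module level, keeps the allowed-scheme list explicit and leaves the library default untouched; the per-request path then only calls `Sanitize.clean` with that constant. The `Marshal` round-trip below is used for the deep copy on the assumption that `RELAXED` holds only plain hashes, arrays, strings and symbols — confirm against the installed gem version. Sanitizing after `auto_link` is the right order; it should remain the last step so nothing re-introduces markup after cleaning.
```ruby
  # Built once at load time: a private copy of the gem's RELAXED config with the
  # extra link schemes, so the shared constant is not mutated on every call.
  NOTE_SANITIZE_CONFIG = Marshal.load(Marshal.dump(Sanitize::Config::RELAXED))
  NOTE_SANITIZE_CONFIG[:protocols]['a']['href'] |= ['onenote', 'message']
  NOTE_SANITIZE_CONFIG.freeze

  def format_note(note)
    # … unchanged: markdown / auto_link_message / auto_link …
    note = Sanitize.clean(note, NOTE_SANITIZE_CONFIG)
    return note
  end
```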
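Review bot: `notes=` raises NoMethodError when `value` is nil, because the new setter calls `value.gsub` unconditionally, whereas the generated attribute writer it replaces accepted nil; a guard keeps that behaviour: `super(value.nil? ? value : value.gsub(//, '>'))`. The pattern appears here as an empty regex, which would match at every character boundary and interleave `>` into the whole string; if that is only this page's rendering of the source, disregard, otherwise the intended pattern needs restoring (the removed line in `format_note` shows the same text). `raw_notes=` stores the value without this escaping, so a comment such as `# Stores notes unescaped; callers must only pass content that is sanitized on output (see ApplicationHelper#format_note)` would make the contract of the two setters explicit for the next maintainer.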
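Review bot: `todo.raw_notes = notes` persists the incoming notes without the escaping that `Todo#notes=` now applies, so for this entry path the `Sanitize.clean` call in `format_note` is the only output protection; the reason for bypassing the setter is not stated in the hunk. A comment at that line, e.g. `# raw_notes: skip write-time escaping; this content is sanitized on display by format_note`, would record the intent and flag that any new read path for notes must go through the same helper. `from_rich_message` starts before this hunk.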