diff --git a/application/displayblock.class.inc.php b/application/displayblock.class.inc.php
index ef6bf7c28..2bdc4ed09 100644
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -706,7 +706,7 @@ class DisplayBlock
 if ($bDoSearch)
 {
 // Keep the table_id identifying this table if we're performing a search
-$sTableId = utils::ReadParam('_table_id_', null, false, 'raw_data');
+$sTableId = utils::ReadParam('_table_id_', null, false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 if ($sTableId != null)
 {
 $aExtraParams['table_id'] = $sTableId;
diff --git a/application/utils.inc.php b/application/utils.inc.php
index 6f590a102..5890b240d 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -113,6 +113,11 @@ class utils
 * @since 2.7.10 3.0.0
 */
 public const ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER = 'element_identifier';
+/**
+ * @var string For XML / HTML node id selector
+ * @since 3.1.2 3.2.1
+ */
+public const ENUM_SANITIZATION_FILTER_ELEMENT_ID_SELECTOR = 'element_id_selector';
 /**
 * @var string For variables names
 * @since 3.0.0
@@ -497,8 +502,17 @@ class utils
 }
 break;
 
+// For XML / HTML node identifiers
 case static::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER:
 $retValue = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+$retValue = filter_var($retValue, FILTER_VALIDATE_REGEXP,
+['options' => ['regexp' => '/^[A-Za-z0-9][A-Za-z0-9_-]*$/']]);
+break;
+
+// For XML / HTML node id selector
+case static::ENUM_SANITIZATION_FILTER_ELEMENT_ID_SELECTOR:
+$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
+['options' => ['regexp' => '/^[#\.][A-Za-z0-9][A-Za-z0-9_-]*$/']]);
 break;
 
 case static::ENUM_SANITIZATION_FILTER_VARIABLE_NAME:
diff --git a/pages/ajax.render.php b/pages/ajax.render.php
index cff8991a6..b3311f3cf 100644
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
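Review bot: With the new `ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER` filter, `_table_id_` can come back as `false` (rejected by the validator) as well as `null` (absent), and the loose `if ($sTableId != null)` on the following context line treats both alike, so a malformed table id is silently dropped and the search proceeds without it — assuming ReadParam passes the sanitizer's result through unchanged, which this hunk does not show. If that is the intent, say so with a comment such as `// A rejected _table_id_ (false) is ignored like an absent one`; otherwise test `$sTableId !== null && $sTableId !== false` and log the rejection so tampering is visible. The `if ($bDoSearch)` block continues outside the hunk.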
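Review bot: The docblock on the new constant says `For XML / HTML node id selector`, but the regexp it selects in the `@@ -497,8 +502,17 @@` hunk, `/^[#\.][A-Za-z0-9][A-Za-z0-9_-]*$/`, also accepts a leading `.`, i.e. a class selector. Either narrow that pattern to `#` or make the doc match the validator: `@var string For a single HTML id (#foo) or class (.foo) selector; a rejected value yields false`. The `@since 3.1.2 3.2.1` line follows the convention of the neighbouring constants.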
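Review bot: The selector regexp `/^[#\.][A-Za-z0-9][A-Za-z0-9_-]*$/` in the new `ENUM_SANITIZATION_FILTER_ELEMENT_ID_SELECTOR` case is not newline-tight: in PCRE a bare `$` also matches just before a final `\n`, so a value such as `"#foo\n"` passes `FILTER_VALIDATE_REGEXP` and the newline reaches whatever embeds the selector. Anchor with `\z` or add the `D` modifier, e.g. `['options' => ['regexp' => '/^[#\.][A-Za-z0-9][A-Za-z0-9_-]*\z/']]`. The `ELEMENT_IDENTIFIER` case is not affected because its preceding `preg_replace` already strips the newline, but both cases now return `false` instead of a string on rejection, which callers that expect a string (see the `pages/ajax.render.php` hunk) need to handle explicitly. The enclosing `switch`, and the sanitize method around it, start and end outside the hunk.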
@@ -782,12 +782,12 @@ try
 $sClass = utils::ReadParam('className', '', false, 'class');
 $sRootClass = utils::ReadParam('baseClass', '', false, 'class');
 $currentId = utils::ReadParam('currentId', '');
-$sTableId = utils::ReadParam('_table_id_', null, false, 'raw_data');
+$sTableId = utils::ReadParam('_table_id_', null, false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 $sAction = utils::ReadParam('action', '');
-$sSelectionMode = utils::ReadParam('selection_mode', null, false, 'raw_data');
-$sResultListOuterSelector = utils::ReadParam('result_list_outer_selector', null, false, 'raw_data');
-$scssCount = utils::ReadParam('css_count', null, false, 'raw_data');
-$sTableInnerId = utils::ReadParam('table_inner_id', $sTableId, false, 'raw_data');
+$sSelectionMode = utils::ReadParam('selection_mode');
+$sResultListOuterSelector = utils::ReadParam('result_list_outer_selector', null,false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER); // actually an Id not a selector
+$scssCount = utils::ReadParam('css_count', null,false,utils::ENUM_SANITIZATION_FILTER_ELEMENT_ID_SELECTOR);
+$sTableInnerId = utils::ReadParam('table_inner_id', null,false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 
 $oFilter = new DBObjectSearch($sClass);
 $oSet = new CMDBObjectSet($oFilter);
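Review bot: The default for `table_inner_id` on the last added line changes from `$sTableId` to `null`, so a request that omits `table_inner_id` no longer inherits the table id; unless the downstream consumer (outside the hunk) was adjusted too, the line should read `$sTableInnerId = utils::ReadParam('table_inner_id', $sTableId, false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);`. Because the identifier and selector filters return `false` rather than a string on rejection, `$sResultListOuterSelector` and `$scssCount` should be checked with `!== false` (not just a truthiness test) before being embedded in the response. `$sSelectionMode` now relies on ReadParam's default filter, which this hunk does not show; it is worth confirming that default is stricter than the `'raw_data'` it replaces. The argument spacing `null,false,` on the three rewritten lines differs from the rest of the hunk. The surrounding `try` block begins and ends outside the hunk.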