diff --git a/bbs/view_comment.php b/bbs/view_comment.php
index f7cb5d087..8c83090d9 100644
--- a/bbs/view_comment.php
+++ b/bbs/view_comment.php
@@ -7,7 +7,7 @@ if ($is_guest && $board['bo_comment_level'] < 2) {
     $captcha_html = captcha_html('_comment');
 }
 
-$c_id = isset($_GET['c_id']) ? clean_xss_tags($_GET['c_id'], 1, 1) : '';
+$c_id = isset($_GET['c_id']) ? preg_replace('/[\'",]/', '', clean_xss_tags($_GET['c_id'], 1, 1)) : '';
 $c_wr_content = '';
 
 @include_once($board_skin_path.'/view_comment.head.skin.php');
diff --git a/lib/common.lib.php b/lib/common.lib.php
index a7ab4197c..ddb8bbace 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3429,6 +3429,12 @@ function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len
         $result = preg_replace('#([^\p{L}]|^)(?:javascript|jar|applescript|vbscript|vbs|wscript|jscript|behavior|mocha|livescript|view-source)\s*:(?:.*?([/\\\;()\'">]|$))#ius',
                 '$1$2', $result);
 
+        // 이벤트 핸들러 속성 제거 (예: onclick=, onerror= 등)
+        $result = preg_replace('/on\w+\s*=\s*(".*?"|\'.*?\'|[^\s>]+)/i', '', $result);
+        
+        // 속성 제거 (CSS 기반 인젝션 차단)
+        $result = preg_replace('/\s*style\s*=\s*(".*?"|\'.*?\'|[^\s>]+)/i', '', $result);
+        
         if((string)$result === (string)$str) break;
 
         $str = $result;