diff --git a/htdocs/class/textsanitizer/flash/config.flash.dist.php b/htdocs/class/textsanitizer/flash/config.flash.dist.php
deleted file mode 100644
index 9e9de4cf3..000000000
--- a/htdocs/class/textsanitizer/flash/config.flash.dist.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-/**
- * TextSanitizer extension
- *
- * You may not change or alter any portion of this comment or credits
- * of supporting developers from this source code or any supporting source code
- * which is considered copyrighted (c) material of the original comment or credit authors.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @copyright       (c) 2000-2021 XOOPS Project (https://xoops.org)
- * @license             GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
- * @package             class
- * @subpackage          textsanitizer
- * @since               2.3.0
- * @author              Taiwen Jiang <phppp@users.sourceforge.net>
- */
-defined('XOOPS_ROOT_PATH') || exit('Restricted access');
-
-return $config = array(
-    'detect_dimension' => 1,
-    'enable_flash_entry' => false,  // false to disable entry button in editor, existing content will still play
-);
diff --git a/htdocs/class/textsanitizer/flash/flash.php b/htdocs/class/textsanitizer/flash/flash.php
deleted file mode 100644
index e547b417b..000000000
--- a/htdocs/class/textsanitizer/flash/flash.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-/**
- * TextSanitizer extension
- *
- * You may not change or alter any portion of this comment or credits
- * of supporting developers from this source code or any supporting source code
- * which is considered copyrighted (c) material of the original comment or credit authors.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @copyright       (c) 2000-2017 XOOPS Project (www.xoops.org)
- * @license             GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
- * @package             class
- * @subpackage          textsanitizer
- * @since               2.3.0
- * @author              Taiwen Jiang <phppp@users.sourceforge.net>
- */
-defined('XOOPS_ROOT_PATH') || exit('Restricted access');
-
-/**
- * Class MytsFlash
- */
-class MytsFlash extends MyTextSanitizerExtension
-{
-    /**
-     * @param $textarea_id
-     *
-     * @return array
-     */
-    public function encode($textarea_id)
-    {
-        $config     = parent::loadConfig(__DIR__);
-        if ($config['enable_flash_entry'] === false) {
-            return array();
-        }
-        $code = "<button type='button' class='btn btn-default btn-sm' onclick='xoopsCodeFlash(\"{$textarea_id}\",\""
-            . htmlspecialchars(_XOOPS_FORM_ENTERFLASHURL, ENT_QUOTES | ENT_HTML5) . "\",\""
-            . htmlspecialchars(_XOOPS_FORM_ALT_ENTERHEIGHT, ENT_QUOTES | ENT_HTML5) . "\",\""
-            . htmlspecialchars(_XOOPS_FORM_ALT_ENTERWIDTH, ENT_QUOTES | ENT_HTML5) . "\", \""
-            . $config['detect_dimension'] . "\");' onmouseover='style.cursor=\"hand\"' title='"
-            . _XOOPS_FORM_ALTFLASH . "'><span class='fa fa-fw fa-flash' aria-hidden='true'></span></button>";
-        $javascript = <<<EOF
-            function xoopsCodeFlash(id, enterFlashPhrase, enterFlashHeightPhrase, enterFlashWidthPhrase, enableDimensionDetect)
-            {
-                var selection = xoopsGetSelect(id);
-                if (selection.length > 0) {
-                    var text = selection;
-                } else {
-                    var text = prompt(enterFlashPhrase, "");
-                }
-                var domobj = xoopsGetElementById(id);
-                if (text.length > 0) {
-                    var text2 = enableDimensionDetect ? "" : prompt(enterFlashWidthPhrase, "");
-                    var text3 = enableDimensionDetect ? "" : prompt(enterFlashHeightPhrase, "");
-                    var result = "[flash="+text2+","+text3+"]" + text + "[/flash]";
-                    xoopsInsertText(domobj, result);
-                }
-                domobj.focus();
-            }
-EOF;
-
-        return array(
-            $code,
-            $javascript);
-    }
-
-    /**
-     * @param $match
-     *
-     * @return string
-     */
-    public static function myCallback($match)
-    {
-        return self::decode($match[5], $match[3], $match[4]);
-    }
-
-    /**
-     * @param MyTextSanitizer $myts
-     *
-     * @return bool
-     */
-    public function load(MyTextSanitizer $myts)
-    {
-        $myts->callbackPatterns[] = "/\[(swf|flash)=(['\"]?)([^\"']*),([^\"']*)\\2]([^\"]*)\[\/\\1\]/sU";
-        $myts->callbacks[]        = __CLASS__ . '::myCallback';
-
-        return true;
-    }
-
-    /**
-     * @param $url
-     * @param $width
-     * @param $height
-     *
-     * @return string
-     */
-    public static function decode($url, $width, $height)
-    {
-        $config = parent::loadConfig(__DIR__);
-
-        if ((empty($width) || empty($height)) && !empty($config['detect_dimension'])) {
-            if (!$dimension = @getimagesize($url)) {
-                return "<a href='{$url}' rel='external' title=''>{$url}</a>";
-            }
-            if (!empty($width)) {
-                $height = $dimension[1] * $width / $dimension[0];
-            } elseif (!empty($height)) {
-                $width = $dimension[0] * $height / $dimension[1];
-            } else {
-                list($width, $height) = array(
-                    $dimension[0],
-                    $dimension[1]);
-            }
-        }
-
-        $rp = "<object width='{$width}' height='{$height}' classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0'>";
-        $rp .= "<param name='movie' value='{$url}'>";
-        $rp .= "<param name='QUALITY' value='high'>";
-        $rp .= "<PARAM NAME='bgcolor' VALUE='#FFFFFF'>";
-        $rp .= "<param name='wmode' value='transparent'>";
-        $rp .= "<embed src='{$url}' width='{$width}' height='{$height}' quality='high' bgcolor='#FFFFFF' wmode='transparent'  pluginspage='http://www.macromedia.com/go/getflashplayer' type='application/x-shockwave-flash'></embed>";
-        $rp .= '</object>';
-
-        return $rp;
-    }
-}
diff --git a/htdocs/class/textsanitizer/flash/index.php b/htdocs/class/textsanitizer/flash/index.php
deleted file mode 100644
index 6a5054350..000000000
--- a/htdocs/class/textsanitizer/flash/index.php
+++ /dev/null
@@ -1,2 +0,0 @@
-<?php
-header('HTTP/1.0 404 Not Found');
diff --git a/htdocs/class/textsanitizer/mp3/mp3.php b/htdocs/class/textsanitizer/mp3/mp3.php
index 7b0aacf82..0f0aa1788 100644
--- a/htdocs/class/textsanitizer/mp3/mp3.php
+++ b/htdocs/class/textsanitizer/mp3/mp3.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * TextSanitizer extension
  *
@@ -24,72 +25,54 @@
 class MytsMp3 extends MyTextSanitizerExtension
 {
     /**
-     * @param $textarea_id
-     *
+     * @param string $textarea_id
      * @return array
      */
     public function encode($textarea_id)
     {
-        $code = "<button type='button' class='btn btn-default' onclick='xoopsCodeMp3(\"{$textarea_id}\",\""
-            . htmlspecialchars(_XOOPS_FORM_ENTERMP3URL, ENT_QUOTES | ENT_HTML5)
-            . "\");' onmouseover='style.cursor=\"hand\"' title='" . _XOOPS_FORM_ALTMP3
-            . "'><span class='fa fa-fw fa-music' aria-hidden='true'></span></button>";
+        $buttonHtml = "<button type='button' class='btn btn-default' onclick='xoopsCodeMp3(\"{$textarea_id}\");' title='"
+                      . _XOOPS_FORM_ALTMP3 . "'>"
+                      . "<span class='fa fa-fw fa-music' aria-hidden='true'></span></button>";
 
         $javascript = <<<EOF
-            function xoopsCodeMp3(id, enterMp3Phrase)
-            {
-                var selection = xoopsGetSelect(id);
-                if (selection.length > 0) {
-                    var text = selection;
-                } else {
-                    var text = prompt(enterMp3Phrase, "");
-                }
-                var domobj = xoopsGetElementById(id);
-                if (text.length > 0) {
-                    var result = "[mp3]" + text + "[/mp3]";
-                    xoopsInsertText(domobj, result);
-                }
-                domobj.focus();
-            }
-EOF;
-
-        return array(
-            $code,
-            $javascript);
+function xoopsCodeMp3(id) {
+    var text = prompt("Enter MP3 URL (e.g., https://example.com/audio.mp3)", xoopsGetSelect(id));
+    while (text !== null && !text.trim().match(/^https?:\/\/[\w\-\.]+(\:\d+)?\/.+\.mp3(\?.*)?$/i)) {
+        alert("Invalid MP3 URL. The URL must begin with http or https and end with .mp3");
+        text = prompt("Enter MP3 URL (e.g., https://example.com/audio.mp3)", text);
     }
+    if (text && text.trim().length > 0) {
+        xoopsInsertText(document.getElementById(id), "[mp3]" + text.trim() + "[/mp3]");
+    }
+}
+EOF;
 
-    /**
-     * @param $match
-     *
-     * @return string
-     */
-    public static function myCallback($match)
-    {
-        return self::decode($match[1]);
+        return [$buttonHtml, $javascript];
     }
 
     /**
-     * @param MyTextSanitizer $myts
-     *
      * @return bool
      */
     public function load(MyTextSanitizer $myts)
     {
-        $myts->callbackPatterns[] = "/\[mp3\](.*?)\[\/mp3\]/s";
-        $myts->callbacks[]        = __CLASS__ . '::myCallback';
-
+        $myts->callbackPatterns[] = '/\[mp3\](.*?)\[\/mp3\]/s';
+        $myts->callbacks[]        = __CLASS__ . '::decode';
         return true;
     }
 
     /**
-     * @param $url
-     *
+     * @param string|array $url
+     * @param string|int   $width
+     * @param string|int   $height
      * @return string
      */
-    public static function decode($url, $width, $height)
+    public static function decode($url, $width = 0, $height = 0)
     {
-        $rp = "<embed flashvars=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x3786b3&amp;lefticon=0x78bee3&amp;rightbg=0x3786b3&amp;rightbghover=0x78bee3&amp;righticon=0x78bee3&amp;righticonhover=0x3786b3&amp;text=0x666666&amp;slider=0x3786b3&amp;track=0xcccccc&amp;border=0x666666&amp;loader=0x78bee3&amp;loop=no&amp;soundFile={$url}\" quality='high' menu='false' wmode='transparent' pluginspage='http://www.macromedia.com/go/getflashplayer' src='" . XOOPS_URL . "/images/form/player.swf'  width=290 height=24 type='application/x-shockwave-flash'></embed>";
-
-        return $rp;
+        if (is_array($url)) {
+            $url = htmlspecialchars($url[1], ENT_QUOTES, 'UTF-8', false); // Prevent double-encoding
+        } else {
+            $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false); // Prevent double-encoding
+        }
+        return "<audio controls><source src='{$url}' type='audio/mpeg'>Your browser does not support the audio element.</audio>";
     }
 }