diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2306ffc37bf7bdbef3e1b75042c4337cc19a2c84..fdc61bc748829d8a14f73c0903433da358b505d0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,7 @@
 variables:
   DISABLE_FUNCTIONAL: 1
   DISABLE_ACCEPTANCE: 1
+  DISABLE_CODECEPTION: 1
   IS_LIBRARY: 1
 
 include: 'https://gitlab.com/wpdesk/gitlab-ci/raw/master/gitlab-ci-1.2.yml'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a6a268f4d4ef97b137a8a863b6f5be06faa4ec9..12c5546ccd1bde257c125d7e65821a376fa2dcb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [3.1.2] - 2020-03-05
+### Added
+- sanitization on posted AJAX data
+
 ## [3.1.1] - 2019-07-30
 ### Fixed
 - Security for templates as side effect is generated there. Also required for prefixer compatibility
diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php
index 168763f9a5e6b93292cff1c11bd8e42befa7883e..4b2648d36713257d9fa291fd968f40cf301d4fef 100644
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -82,10 +82,10 @@ class AjaxHandler implements HookablePluginDependant
     public function processAjaxNoticeDismiss()
     {
         if (isset($_POST[self::POST_FIELD_NOTICE_NAME])) {
-            $noticeName = $_POST[self::POST_FIELD_NOTICE_NAME];
+            $noticeName = sanitize_text_field($_POST[self::POST_FIELD_NOTICE_NAME]);
 
             if (isset($_POST[self::POST_FIELD_SOURCE])) {
-                $source = $_POST[ self::POST_FIELD_SOURCE ];
+                $source = sanitize_text_field($_POST[ self::POST_FIELD_SOURCE ]);
             } else {
                 $source = null;
             }