diff --git a/public/scripts/slash-commands.js b/public/scripts/slash-commands.js
index c0154ee66..3df7dbb4e 100644
--- a/public/scripts/slash-commands.js
+++ b/public/scripts/slash-commands.js
@@ -264,7 +264,8 @@ async function delayCallback(_, amount) {
 async function inputCallback(_, prompt) {
     // Do not remove this delay, otherwise the prompt will not show up
     await delay(1);
-    const result = await callPopup(prompt || '', 'input');
+    const safeValue = DOMPurify.sanitize(prompt || '');
+    const result = await callPopup(safeValue, 'input');
     await delay(1);
     return result || '';
 }
diff --git a/public/scripts/variables.js b/public/scripts/variables.js
index 4ffe7b776..f6b06e49b 100644
--- a/public/scripts/variables.js
+++ b/public/scripts/variables.js
@@ -38,7 +38,9 @@ function addLocalVariable(name, value) {
     const increment = Number(value);
 
     if (isNaN(increment)) {
-        return '';
+        const stringValue = String(currentValue || '') + value;
+        setLocalVariable(name, stringValue);
+        return stringValue;
     }
 
     const newValue = Number(currentValue) + increment;
@@ -56,7 +58,9 @@ function addGlobalVariable(name, value) {
     const increment = Number(value);
 
     if (isNaN(increment)) {
-        return '';
+        const stringValue = String(currentValue || '') + value;
+        setGlobalVariable(name, stringValue);
+        return stringValue;
     }
 
     const newValue = Number(currentValue) + increment;