diff --git a/app/helpers/action_tracker_helper.rb b/app/helpers/action_tracker_helper.rb index b812bbf..dbd0902 100644 --- a/app/helpers/action_tracker_helper.rb +++ b/app/helpers/action_tracker_helper.rb @@ -5,12 +5,12 @@ module ActionTrackerHelper end def new_friendship_description ta - n_('has made 1 new friend:
%{name}', 'has made %{num} new friends:
%{name}', ta.get_friend_name.size) % { + n_('has made 1 new friend:
%{name}', 'has made %{num} new friends:
%{name}', ta.get_friend_name.size).html_safe % { num: ta.get_friend_name.size, - name: ta.collect_group_with_index(:friend_name) do |n,i| + name: safe_join(ta.collect_group_with_index(:friend_name) do |n,i| link_to image_tag(ta.get_friend_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")), ta.get_friend_url[i], title: n - end.join + end) } end diff --git a/app/views/mailing/sender/notification.html.erb b/app/views/mailing/sender/notification.html.erb index 52deb71..3c50ca9 100644 --- a/app/views/mailing/sender/notification.html.erb +++ b/app/views/mailing/sender/notification.html.erb @@ -4,7 +4,7 @@ - <%= word_wrap(@message) %> + <%= raw word_wrap(@message) %>

--
<%= @signature_message %>
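Review bot: `raw word_wrap(@message)` turns off escaping for the entire message body, so any markup in `@message` reaches the recipient's mail client unchanged. Where `@message` is set is not visible in this hunk; if any part of it can come from a user-written mailing, it should pass through an allow-list filter instead, e.g. `<%= sanitize word_wrap(@message) %>`. If the body is meant to be trusted HTML, a template comment stating who may author it would make that assumption reviewable.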
diff --git a/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb b/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb index dc48922..416791c 100644 --- a/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb +++ b/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb @@ -63,12 +63,12 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock < Block breadcrumb << content_tag('div', section_name, :class => 'section-name') end - breadcrumb + breadcrumb.html_safe else '' end end) - ret.html_safe + ret end def cacheable? diff --git a/plugins/community_block/views/blocks/community.html.erb b/plugins/community_block/views/blocks/community.html.erb index a5a4a1c..03622c8 100644 --- a/plugins/community_block/views/blocks/community.html.erb +++ b/plugins/community_block/views/blocks/community.html.erb @@ -23,7 +23,7 @@ <%= link_to( content_tag('span','',:class => 'community-block-button icon-arrow'), '#', - :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;", + :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;".html_safe, :class => 'simplemenu-trigger') %> <% end %> diff --git a/plugins/context_content/lib/context_content_plugin/context_content_block.rb b/plugins/context_content/lib/context_content_plugin/context_content_block.rb index 4451fe7..22a105b 100644 --- a/plugins/context_content/lib/context_content_plugin/context_content_block.rb +++ b/plugins/context_content/lib/context_content_plugin/context_content_block.rb @@ -89,13 +89,13 @@ class ContextContentPlugin::ContextContentBlock < Block ret = proc do contents = block.contents(@page) parent_title = block.parent_title(contents) - if !contents.blank? + if contents.present? render(:file => 'blocks/context_content', :locals => {:block => block, :contents => contents, :parent_title => parent_title}) else '' end end - ret.html_safe + ret end def cacheable? 
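Review bot: `breadcrumb.html_safe` vouches for the whole accumulated string, but only the `content_tag('div', section_name, ...)` append is visible here; anything appended earlier in the method (it starts above this hunk) is now emitted unescaped whether or not it was escaped when added. The same pattern appears in `content_sections.html_safe` and `.join(" ").html_safe` in display_content_block.rb and in `end.join().html_safe` inside `NewsletterPlugin::Newsletter#body`. Collecting the pieces in an array and finishing with `safe_join(parts)`, where that helper is in scope, keeps escaping on for every piece that is not already a SafeBuffer. Where that is not practical, a comment naming the escaped source of each piece would make the trust decision auditable.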
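Review bot: With `.html_safe` on the `:onclick` string in community.html.erb, `link_to` no longer escapes the attribute value, so `CGI::escapeHTML(links.to_json)` becomes the only protection for whatever `links` contains (it is built above this hunk). Passing the plain string and letting the tag helper perform the single escape is simpler and cannot be forgotten later: `:onclick => "toggleSubmenu(this,'',#{links.to_json}); return false;"`. That is equivalent only if the helper escapes attribute values exactly once on the Rails version in use, which should be confirmed before switching.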
diff --git a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb index 62eba25..1545f73 100644 --- a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb +++ b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb @@ -6,9 +6,9 @@ <% if @submission.id.nil? %> <% if @form.expired? %> <% if @form.will_open? %> -

<%= _('Sorry, you can\'t fill this form yet') %>

+

<%= _('Sorry, you can\'t fill this form yet').html_safe %>

<% else %> -

<%= _('Sorry, you can\'t fill this form anymore') %>

+

<%= _('Sorry, you can\'t fill this form anymore').html_safe %>

<% end %> <% end %> diff --git a/plugins/display_content/lib/display_content_block.rb b/plugins/display_content/lib/display_content_block.rb index a1cae4f..0a390d9 100644 --- a/plugins/display_content/lib/display_content_block.rb +++ b/plugins/display_content/lib/display_content_block.rb @@ -177,9 +177,9 @@ class DisplayContentBlock < Block content_sections += read_more_section if !read_more_section.blank? #raise sections.inspect - content_tag('li', content_sections) + content_tag('li', content_sections.html_safe) end - }.join(" ")) + }.join(" ").html_safe) end end diff --git a/plugins/event/views/event_plugin/event_block_item.html.erb b/plugins/event/views/event_plugin/event_block_item.html.erb index ee03606..76d28e3 100644 --- a/plugins/event/views/event_plugin/event_block_item.html.erb +++ b/plugins/event/views/event_plugin/event_block_item.html.erb @@ -3,11 +3,11 @@ ev_days_tag = '' if event.duration > 1 ev_days_tag = content_tag('time', - n_('Duration: 1 day', 'Duration: %s days', event.duration) % "#{event.duration}", + n_('Duration: 1 day', 'Duration: %s days', event.duration).html_safe % "#{event.duration}".html_safe, :itemprop => 'endDate', :datetime => show_date(event.end_date) + 'T00:00', :class => 'duration', - :title => show_date(event.start_date) + ' — ' + time_left_str + :title => (show_date(event.start_date) + ' — ' + time_left_str).html_safe ) end diff --git a/plugins/metadata/lib/metadata_plugin/base.rb b/plugins/metadata/lib/metadata_plugin/base.rb index d95602f..ba8080b 100644 --- a/plugins/metadata/lib/metadata_plugin/base.rb +++ b/plugins/metadata/lib/metadata_plugin/base.rb @@ -55,7 +55,7 @@ class MetadataPlugin::Base < Noosfero::Plugin end end end - r.join + safe_join(r) end end diff --git a/plugins/newsletter/lib/newsletter_plugin/newsletter.rb b/plugins/newsletter/lib/newsletter_plugin/newsletter.rb index 4476d97..273da70 100644 --- a/plugins/newsletter/lib/newsletter_plugin/newsletter.rb 
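Review bot: The two `.html_safe` calls added in custom_forms show.html.erb have no visible purpose, since neither 'Sorry, you can't fill this form yet' nor 'Sorry, you can't fill this form anymore' contains markup as shown here. Their only effect is that every translation of these strings is rendered unescaped, which extends HTML trust to the translation catalogues. Leaving the calls as plain `<%= _('...') %>` output gives the same rendered text for plain-text translations while keeping escaping on.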
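Review bot: Marking the `:title` value html_safe in event_block_item.html.erb makes `content_tag` skip attribute escaping, so a double quote in `time_left_str` (defined outside this hunk) or in the formatted date would end the attribute early. Keeping the value a plain string, `:title => show_date(event.start_date) + ' — ' + time_left_str`, leaves escaping on; if the separator is written as an HTML entity in the file, using the literal dash character removes the need for `html_safe`. The `.html_safe` on `"#{event.duration}"` is likewise unnecessary for a number, which has nothing to escape.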
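Review bot: `safe_join` comes from ActionView's OutputSafetyHelper, and the metadata_plugin/base.rb hunk does not show whether it is in scope where `r` is joined (the enclosing method of `MetadataPlugin::Base` starts above the hunk), so a spec exercising this path would guard against a NoMethodError. `safe_join(r)` also escapes every element of `r` that is not already html_safe, so elements built by plain string interpolation would now appear escaped in the page. A comment such as `# r holds tag helper output only; safe_join escapes anything else` would record that expectation.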
+++ b/plugins/newsletter/lib/newsletter_plugin/newsletter.rb @@ -110,11 +110,11 @@ class NewsletterPlugin::Newsletter < ActiveRecord::Base include DatesHelper def message_to_public_link - content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link') + content_tag(:p, (_("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}')).html_safe, :id => 'newsletter-public-link').html_safe end def message_to_unsubscribe - content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe') + content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.").html_safe % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe').html_safe end def read_more(link_address) 
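Review bot: The two methods apply `html_safe` at different points: `message_to_public_link` formats first and then marks the whole result safe, while `message_to_unsubscribe` marks the translated template safe and then formats. The second order is the safer one, because on Rails versions where `SafeBuffer#%` escapes its arguments any non-safe value is still escaped, so `message_to_public_link` should match it: `content_tag(:p, _("If you can't view this email, %s.").html_safe % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')`. The trailing `.html_safe` on both `content_tag` results is redundant, since `content_tag` already returns an html_safe string.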
@@ -130,13 +130,13 @@ class NewsletterPlugin::Newsletter < ActiveRecord::Base end def body(data = {}) - content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link'])+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header']))+self.posts(data).map do |post| + content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link']).html_safe+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header'])).html_safe+self.posts(data).map do |post| if post.image post_with_image(post) else post_without_image(post) end - end.join()+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews'])+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap']) + end.join().html_safe+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews']).html_safe+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap']).html_safe end def default_subject diff --git a/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb b/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb index aed8078..157b96b 100644 --- a/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb +++ b/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb 
@@ -17,7 +17,7 @@ class RequireAuthToCommentPlugin < Noosfero::Plugin end def profile_editor_extras - expanded_template('profile-editor-extras.html.erb') + expanded_template('profile-editor-extras.html.erb').html_safe end def stylesheet? diff --git a/plugins/site_tour/views/tour_actions.html.erb b/plugins/site_tour/views/tour_actions.html.erb index f2e8371..ab1bcd9 100644 --- a/plugins/site_tour/views/tour_actions.html.erb +++ b/plugins/site_tour/views/tour_actions.html.erb @@ -6,11 +6,11 @@ -- libgit2 0.21.2