diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 71cad88..6b3dfa2 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1055,13 +1055,11 @@ module ApplicationHelper
   end
 
   def delete_article_message(article)
-    CGI.escapeHTML(
-      if article.folder?
-        _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
-      else
-        _("Are you sure that you want to remove the item \"%s\"?") % article.name
-      end
-    )
+    if article.folder?
+      _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
+    else
+      _("Are you sure that you want to remove the item \"%s\"?") % article.name
+    end
   end
 
   def expirable_link_to(expired, content, url, options = {})
diff --git a/app/helpers/article_helper.rb b/app/helpers/article_helper.rb
index 861ce0b..1786138 100644
--- a/app/helpers/article_helper.rb
+++ b/app/helpers/article_helper.rb
@@ -69,14 +69,14 @@ module ArticleHelper
     content_tag('div',
       content_tag('div',
         radio_button(:article, :published, true) +
-          content_tag('span', ' ', :class => 'access-public-icon') +
+          content_tag('span', ' '.html_safe, :class => 'access-public-icon') +
           content_tag('label', _('Public'), :for => 'article_published_true') +
           content_tag('span', _('Visible to other people'), :class => 'access-note'),
           :class => 'access-item'
            ) +
       content_tag('div',
         radio_button(:article, :published, false) +
-          content_tag('span', ' ', :class => 'access-private-icon') +
+          content_tag('span', ' '.html_safe, :class => 'access-private-icon') +
           content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private") +
           content_tag('span', _('Limit visibility of this article'), :class => 'access-note'),
           :class => 'access-item'
diff --git a/app/helpers/boxes_helper.rb b/app/helpers/boxes_helper.rb
index 9952acd..67eb70f 100644
--- a/app/helpers/boxes_helper.rb
+++ b/app/helpers/boxes_helper.rb
@@ -34,7 +34,7 @@ module BoxesHelper
 
   def display_boxes_editor(holder)
     with_box_decorator self do
-      content_tag('div', display_boxes(holder, '<' + _('Main content') + '>'), :id => 'box-organizer')
+      content_tag('div', display_boxes(holder, '<' + _('Main content') + '>'), :id => 'box-organizer')
     end
   end
 
@@ -52,7 +52,7 @@ module BoxesHelper
 
   def maybe_display_custom_element(holder, element, options = {})
     if holder.respond_to?(element)
-      content_tag('div', holder.send(element), options)
+      content_tag('div', holder.send(element).to_s.html_safe, options)
     else
       ''.html_safe
     end
@@ -64,7 +64,7 @@ module BoxesHelper
 
   def display_updated_box(box)
     with_box_decorator self do
-      display_box_content(box, '&lt;' + _('Main content') + '&gt;')
+      display_box_content(box, '<' + _('Main content') + '>')
     end
   end
 
diff --git a/app/helpers/categories_helper.rb b/app/helpers/categories_helper.rb
index 8a47344..30f7c71 100644
--- a/app/helpers/categories_helper.rb
+++ b/app/helpers/categories_helper.rb
@@ -20,7 +20,7 @@ module CategoriesHelper
   def selected_category_link(cat)
     js_remove = "jQuery('#selected-category-#{cat.id}').remove();"
     content_tag('div', button_to_function_without_text(:remove, _('Remove'), js_remove) +
-      link_to_function(cat.full_name(' &rarr; '), js_remove, :id => "remove-selected-category-#{cat.id}-button", :class => 'select-subcategory-link'),
+      link_to_function(cat.full_name(' &rarr; ').html_safe, js_remove, :id => "remove-selected-category-#{cat.id}-button", :class => 'select-subcategory-link'),
       :class => 'selected-category'
     )
   end
diff --git a/app/helpers/profile_helper.rb b/app/helpers/profile_helper.rb
index 14ce947..fe4ee6f 100644
--- a/app/helpers/profile_helper.rb
+++ b/app/helpers/profile_helper.rb
@@ -84,7 +84,7 @@ module ProfileHelper
       entries.map do |entry|
         content = self.send("treat_#{field}", entry)
         unless content.blank?
-          content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content))
+          content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content.to_s.html_safe))
         end
       end.join("\n")
     end
diff --git a/app/views/blocks/raw_html.html.erb b/app/views/blocks/raw_html.html.erb
index 640d7ae..2a1db22 100644
--- a/app/views/blocks/raw_html.html.erb
+++ b/app/views/blocks/raw_html.html.erb
@@ -1,3 +1,3 @@
 <%= block_title(block.title, block.subtitle) %>
 
-<%=h block.html %>
+<%= block.html.html_safe %>
diff --git a/app/views/friends/_profile_list.html.erb b/app/views/friends/_profile_list.html.erb
index acfd6b2..7351f40 100644
--- a/app/views/friends/_profile_list.html.erb
+++ b/app/views/friends/_profile_list.html.erb
@@ -1,7 +1,7 @@
 <ul class="profile-list">
   <% profiles.each do |profile| %>
     <li>
-    <%= link_to_profile profile_image(profile) + '<br/>' + profile.short_name,
+    <%= link_to_profile profile_image(profile) + tag('br') + profile.short_name,
                         profile.identifier, :class => 'profile-link' %>
     <div class="controll">
       <%= button_without_text :remove, content_tag('span',_('remove')),
diff --git a/app/views/shared/_select_categories.html.erb b/app/views/shared/_select_categories.html.erb
index 3aad3f8..6aa5e66 100644
--- a/app/views/shared/_select_categories.html.erb
+++ b/app/views/shared/_select_categories.html.erb
@@ -9,7 +9,7 @@
     categories = [@current_category]
     categories.push(@current_category) while @current_category = @current_category.parent
   %>
-  <%= categories.compact.reverse.map{|i| update_categories_link(nil,i.name, i.id)}.join %>
+  <%= categories.compact.reverse.map{|i| update_categories_link(nil,i.name, i.id)}.join.html_safe %>
 
   <script>
     function add_category() {
diff --git a/plugins/people_block/lib/people_block_helper.rb b/plugins/people_block/lib/people_block_helper.rb
index 1492812..6458508 100644
--- a/plugins/people_block/lib/people_block_helper.rb
+++ b/plugins/people_block/lib/people_block_helper.rb
@@ -1,6 +1,6 @@
 module PeopleBlockHelper
   def profiles_images_list(profiles)
-    profiles.map { |profile| profile_image_link(profile, :minor) }.join("\n")
+    profiles.map { |profile| profile_image_link(profile, :minor) }.join("\n").html_safe
   end
 
   def set_address_protocol(address)
diff --git a/test/integration/safe_strings_test.rb b/test/integration/safe_strings_test.rb
new file mode 100644
index 0000000..f9c598d
--- /dev/null
+++ b/test/integration/safe_strings_test.rb
@@ -0,0 +1,87 @@
+require_relative "../test_helper"
+
+class SafeStringsTest < ActionDispatch::IntegrationTest
+
+  should 'not escape link to admins on profile page' do
+    person = fast_create Person
+    community = fast_create Community
+    community.add_admin(person)
+    get "/profile/#{community.identifier}"
+    assert_tag :tag => 'td', :content => 'Admins', :sibling => {
+      :tag => 'td', :child => { :tag => 'a', :content => person.name }
+    }
+  end
+
+  should 'not escape people names on members block' do
+    person = fast_create Person
+    community = fast_create Community
+    community.add_member(person)
+    community.boxes << Box.new
+    community.boxes.first.blocks << MembersBlock.new
+    get "/profile/#{community.identifier}"
+    assert_tag :tag => 'div', :attributes => { :id => "block-#{community.blocks.first.id}" }, :descendant => {
+      :tag => 'li', :attributes => { :class => 'vcard' }, :content => person.name
+    }
+  end
+
+  should 'not escape RawHTMLBlock content' do
+    community = fast_create Community
+    community.boxes << Box.new
+    community.boxes.first.blocks << RawHTMLBlock.new(:html => '<b>bold</b>')
+    get "/profile/#{community.identifier}"
+    assert_tag :tag => 'div', :attributes => { :id => "block-#{community.blocks.first.id}" }, :descendant => {
+      :tag => 'b', :content => 'bold'
+    }
+  end
+
+  should 'not escape profile header or footer' do
+    community = fast_create Community
+    community.update_header_and_footer('<b>header</b>', '<b>footer</b>')
+    get "/profile/#{community.identifier}"
+    assert_tag :tag => 'div', :attributes => { :id => 'profile-header' }, :child => { :tag => 'b', :content => 'header' }
+    assert_tag :tag => 'div', :attributes => { :id => 'profile-footer' }, :child => { :tag => 'b', :content => 'footer' }
+  end
+
+  should 'not escape &rarr; symbol from categories' do
+    create_user('marley', :password => 'test', :password_confirmation => 'test').activate
+    category = fast_create Category
+    subcategory = fast_create(Category, :parent_id => category.id)
+    Person['marley'].categories << subcategory
+    login 'marley', 'test'
+    get "/myprofile/marley/profile_editor/edit"
+    assert_tag :tag => 'a', :attributes => { :id => "remove-selected-category-#{subcategory.id}-button" },
+      :content => "#{category.name} &rarr; #{subcategory.name}"
+  end
+
+  should 'not escape MainBlock on profile design' do
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    jimi = Person['jimi']
+    jimi.boxes << Box.new
+    jimi.boxes.first.blocks << MainBlock.new
+    login 'jimi', 'test'
+    get "/myprofile/jimi/profile_design"
+    assert_tag :tag => 'div', :attributes => { :class => 'main-content' }, :content => '&lt;Main content&gt;'
+  end
+
+  should 'not escape confirmation message on deleting folders' do
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    fast_create(Folder, :name => 'Hey Joe', :profile_id => Person['jimi'].id, :updated_at => DateTime.now)
+    login 'jimi', 'test'
+    get "/myprofile/jimi/cms"
+    assert_tag :tag => 'a', :attributes => {
+      'data-confirm' => /Are you sure that you want to remove the folder &quot;Hey Joe&quot;\?/
+    }
+  end
+
+  should 'not escape people names on manage friends' do
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    friend = fast_create Person
+    Person['jimi'].add_friend(friend)
+    login 'jimi', 'test'
+    get '/myprofile/jimi/friends'
+    assert_tag :tag => 'div', :attributes => { :id => 'manage_friends' }, :descendant => {
+      :tag => 'a', :attributes => { :class => 'profile-link' }, :content => friend.name
+    }
+  end
+
+end
diff --git a/test/unit/cms_helper_test.rb b/test/unit/cms_helper_test.rb
index 26af247..2dd86ea 100644
--- a/test/unit/cms_helper_test.rb
+++ b/test/unit/cms_helper_test.rb
@@ -62,7 +62,7 @@ class CmsHelperTest < ActionView::TestCase
     profile = fast_create(Profile)
     name = 'My folder'
     folder = fast_create(Folder, :name => name, :profile_id => profile.id)
-    confirm_message = CGI.escapeHTML("Are you sure that you want to remove the folder \"#{name}\"? Note that all the items inside it will also be removed!")
+    confirm_message = "Are you sure that you want to remove the folder \"#{name}\"? Note that all the items inside it will also be removed!"
     expects(:link_to).with('Delete', {action: 'destroy', id: folder.id}, method: :post, 'data-confirm' => confirm_message, class: 'button with-text icon-delete', title: nil)
 
     result = display_delete_button(folder)
@@ -73,7 +73,7 @@ class CmsHelperTest < ActionView::TestCase
     profile = fast_create(Profile)
     name = 'My article'
     article = fast_create(TinyMceArticle, :name => name, :profile_id => profile.id)
-    confirm_message = CGI.escapeHTML("Are you sure that you want to remove the item \"#{name}\"?")
+    confirm_message = "Are you sure that you want to remove the item \"#{name}\"?"
     expects(:link_to).with('Delete', {action: 'destroy', id: article.id}, method: :post, 'data-confirm' => confirm_message, class: 'button with-text icon-delete', title: nil)
 
     result = display_delete_button(article)
--
libgit2 0.21.2