diff --git a/app/views/shared/tiny_mce.rhtml b/app/views/shared/tiny_mce.rhtml
index 78307b5..593a481 100644
--- a/app/views/shared/tiny_mce.rhtml
+++ b/app/views/shared/tiny_mce.rhtml
@@ -24,7 +24,7 @@ tinyMCE.init({
 apply_source_formatting : true,
 content_css: '/stylesheets/tinymce.css',
 language: <%= tinymce_language.inspect %>,
- cleanup_callback : "customCleanup"
+ entity_encoding: 'raw'
 });
 function convertWord(type, content) {
@@ -43,16 +43,4 @@ function convertWord(type, content) {
 return content;
 }
-function customCleanup(type, value) {
- switch (type) {
- case "get_from_editor":
- value = value.replace(/&amp;/g,"&");
- break;
- case "insert_to_editor":
- value = value.replace(/&amp;/g,"&");
- break;
- }
- return value;
-}
-
diff --git a/test/unit/tiny_mce_article_test.rb b/test/unit/tiny_mce_article_test.rb
index c32534f..75265f2 100644
--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -4,7 +4,9 @@ class TinyMceArticleTest < Test::Unit::TestCase
 def setup
 Article.rebuild_index
+ @profile = create_user('zezinho').person
 end
+ attr_reader :profile
 # this test can be removed when we get real tests for TinyMceArticle
 should 'be an article' do
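Review bot: The new `entity_encoding: 'raw'` option in the `tinyMCE.init` call of app/views/shared/tiny_mce.rhtml has no comment recording why it replaces the `customCleanup` callback removed in the same commit, and the option name alone does not explain it. A line such as `// 'raw' replaces the old customCleanup &amp; workaround; escaping of submitted HTML is handled server-side` above the option would keep that context. Editor options only shape what the browser submits, so the server-side sanitizer remains the enforcement point and this setting should not be relied on for output safety.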
@@ -20,16 +22,21 @@ class TinyMceArticleTest < Test::Unit::TestCase
 end
 should 'be found when searching for articles by query' do
- ze = create_user('zezinho').person
- tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => ze)
+ tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => profile)
 assert_includes TinyMceArticle.find_by_contents('article'), tma
 assert_includes Article.find_by_contents('article'), tma
 end
 should 'not sanitize target attribute' do
- ze = create_user('zezinho').person
- article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open link in new window", :profile => ze)
+ article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open link in new window", :profile => profile)
 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
 end
+ should 'not translate & to amp; over times' do
+ article = TinyMceArticle.create!(:name => 'link', :body => "link", :profile => profile)
+ assert article.save
+ assert_no_match /&amp;/, article.body
+ assert_match /&/, article.body
+ end
+
 end
diff --git a/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb b/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
new file mode 100644
index 0000000..af24e18
--- /dev/null
+++ b/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
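Review bot: The added test 'not translate & to amp; over times' in test/unit/tiny_mce_article_test.rb saves the article only once after `create!`, so it would not catch escaping that grows on each later save, which is the behaviour its name and the plugin comment describe. Repeating the save before the two assertions, for example `3.times { assert article.save }`, would pin that the body stays stable. As shown on this page the body literal is just "link" and contains no ampersand, so `assert_match /&/` could not pass; presumably the markup was lost in rendering, but it is worth confirming the fixture carries an `&` inside an attribute value. Parenthesising the calls, `assert_no_match(/&amp;/, article.body)`, also avoids Ruby's ambiguous-first-argument warning.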
@@ -0,0 +1,22 @@
+# monkey patch to fix WhiteListSanitizer bug
+# http://apidock.com/rails/HTML/WhiteListSanitizer/process_attributes_for
+#
+# this was solved in rails 2.2.1, then remove this patch when upgrade to it
+
+HTML::WhiteListSanitizer.module_eval do
+ # unescape before reescape to avoid:
+ # & -> & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> etc
+ protected
+ def process_attributes_for(node, options)
+ return unless node.attributes
+ node.attributes.keys.each do |attr_name|
+ value = node.attributes[attr_name].to_s
+
+ if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
+ node.attributes.delete(attr_name)
+ else
+ node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
+ end
+ end
+ end
+end
-- libgit2 0.21.2
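Review bot: In `process_attributes_for`, `contains_bad_protocols?(attr_name, value)` inspects the attribute while it is still entity-encoded, but the value written back is `CGI::escapeHTML(CGI::unescapeHTML(value))`, built from the decoded text, so the check and the output no longer look at the same string. With the decode step added, a scheme or separator that is only recognisable after decoding depends entirely on how thorough `contains_bad_protocols?` is, and that method is not visible here. Decoding once up front and using the result for both steps closes the gap: `decoded = CGI::unescapeHTML(value)`, then `contains_bad_protocols?(attr_name, decoded)` in the condition and `CGI::escapeHTML(decoded)` in the else branch. A unit test with an entity-encoded URL attribute on a whitelisted tag would confirm the attribute is dropped. The header comment says to remove the patch at Rails 2.2.1, so a version guard around the `module_eval` would keep it from overriding the upstream method after the upgrade.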