diff --git a/app/helpers/sanitize_helper.rb b/app/helpers/sanitize_helper.rb
new file mode 100644
index 0000000..8395d41
--- /dev/null
+++ b/app/helpers/sanitize_helper.rb
@@ -0,0 +1,25 @@
+module SanitizeHelper
+
+ def sanitize_html(text, type= :full_sanitize)
+ sanitizer(type).sanitize(text, scrubber: permit_scrubber)
+ end
+
+ def sanitize_link(text)
+ sanitizer(:white_list).sanitize(text, scrubber:permit_scrubber)
+ end
+
+protected
+
+ def permit_scrubber
+ scrubber = Rails::Html::PermitScrubber.new
+ scrubber.tags = Rails.application.config.action_view.sanitized_allowed_tags
+ scrubber.attributes = Rails.application.config.action_view.sanitized_allowed_attributes
+ scrubber
+ end
+
+ def sanitizer type = :full_sanitize
+ return HTML::WhiteListSanitizer.new if type == :white_list
+ HTML::FullSanitizer.new
+ end
+
+end
diff --git a/app/models/article.rb b/app/models/article.rb
index 15be5d8..84e84f3 100644
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -1,6 +1,8 @@
 class Article < ActiveRecord::Base
+ include SanitizeHelper
+
 attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language,
@@ -54,6 +56,7 @@ class Article < ActiveRecord::Base
 track_actions :create_article, :after_create, :keep_params => [:name, :url, :lead, :first_image], :if => Proc.new { |a| a.is_trackable? && !a.image? }
 # xss_terminate plugin can't sanitize array fields
+ # sanitize_tag_list is used with SanitizeHelper
 before_save :sanitize_tag_list
 before_create do |article|
@@ -870,11 +873,6 @@ class Article < ActiveRecord::Base
 tag_name.gsub(/[<>]/, '')
 end
- def sanitize_html(text)
- sanitizer = HTML::FullSanitizer.new
- sanitizer.sanitize(text)
- end
-
 def parent_archived?
 if self.parent_id_changed? && self.parent && self.parent.archived?
 errors.add(:parent_folder, N_('is archived!!'))
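Review bot: `sanitize_html` hands `scrubber: permit_scrubber` to `HTML::FullSanitizer` too, but a full sanitizer drops every tag whatever scrubber it is given (as far as I can tell neither the legacy html-scanner class nor the rails-html-sanitizer one reads that option), so the default `:full_sanitize` path builds a PermitScrubber and reads both config lists on every call for nothing, and a reader could assume `:full_sanitize` keeps ALLOWED_TAGS. Either short-circuit it, `return HTML::FullSanitizer.new.sanitize(text) unless type == :white_list`, or state the asymmetry above the method: `# :full_sanitize strips all markup; the ALLOWED_TAGS/ALLOWED_ATTRIBUTES scrubber only matters for :white_list`. The helper also mixes namespaces: `Rails::Html::PermitScrubber` is the rails-html-sanitizer class while `HTML::WhiteListSanitizer`/`HTML::FullSanitizer` are the old html-scanner names, and if `HTML::` resolves to the old classes the `scrubber:` keyword is not understood and the allow-list is silently ignored, so name `Rails::Html::WhiteListSanitizer`/`Rails::Html::FullSanitizer` explicitly and add a test that `sanitize_link` removes a tag outside ALLOWED_TAGS. Style-wise the spacing is inconsistent within three lines (`type= :full_sanitize`, `scrubber: permit_scrubber` vs `scrubber:permit_scrubber`, `def sanitizer type = :full_sanitize`) and the `protected` marker sits at column 0; `def sanitizer(type = :full_sanitize)` and an indented `private` would match the models this is mixed into.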
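Review bot: The comment added in the second article.rb hunk, `# sanitize_tag_list is used with SanitizeHelper`, is not borne out by what the diff shows: the only tag-name handling visible, the `tag_name.gsub(/[<>]/, '')` context line at the top of the third hunk (its enclosing method starts outside the hunk), strips angle brackets itself and does not call the helper, and `sanitize_tag_list` is not changed by this commit. If the method really is unchanged, reword the comment to what the code does, e.g. `# tag names are not run through xss_terminate or SanitizeHelper; sanitize_tag_list strips < and > itself`, or make it true by routing tag names through `sanitize_html`. Note also that the existing comment one line above calls the plugin "xss_terminate" while the new comment in config/application.rb calls it "xss_terminator"; one of the two names is presumably wrong.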
diff --git a/app/models/link_list_block.rb b/app/models/link_list_block.rb
index c17a747..4d5f7b7 100644
--- a/app/models/link_list_block.rb
+++ b/app/models/link_list_block.rb
@@ -1,5 +1,7 @@
 class LinkListBlock < Block
+ include SanitizeHelper
+
 attr_accessible :links
 ICONS = [
@@ -85,9 +87,4 @@ class LinkListBlock < Block
 end
 end
- def sanitize_link(text)
- sanitizer = HTML::WhiteListSanitizer.new
- sanitizer.sanitize(text)
- end
-
 end
diff --git a/app/models/scrap.rb b/app/models/scrap.rb
index 3e5a60c..abcc5f6 100644
--- a/app/models/scrap.rb
+++ b/app/models/scrap.rb
@@ -1,5 +1,7 @@
 class Scrap < ActiveRecord::Base
+ include SanitizeHelper
+
 attr_accessible :content, :sender_id, :receiver_id, :scrap_id
 SEARCHABLE_FIELDS = {
@@ -41,8 +43,7 @@ class Scrap < ActiveRecord::Base
 end
 def strip_all_html_tags
- sanitizer = HTML::WhiteListSanitizer.new
- self.content = sanitizer.sanitize(self.content, :tags => [])
+ self.content = sanitize_html(self.content)
 end
 def action_tracker_target
diff --git a/app/models/textile_article.rb b/app/models/textile_article.rb
index 394d1aa..8e9fc0c 100644
--- a/app/models/textile_article.rb
+++ b/app/models/textile_article.rb
@@ -1,4 +1,5 @@
 class TextileArticle < TextArticle
+ include SanitizeHelper
 def self.short_description
 _('Text article with Textile markup language')
@@ -31,10 +32,9 @@ class TextileArticle < TextArticle
 protected
 def convert_to_html(textile)
- @@sanitizer ||= HTML::WhiteListSanitizer.new
 converter = RedCloth.new(textile|| '')
 converter.hard_breaks = false
- @@sanitizer.sanitize(converter.to_html)
+ sanitize_html(converter.to_html, :white_list)
 end
 end
diff --git a/config/application.rb b/config/application.rb
index 49c0237..db2ac1e 100644
--- a/config/application.rb
+++ b/config/application.rb
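Review bot: `strip_all_html_tags` in scrap.rb switches from `HTML::WhiteListSanitizer` with `:tags => []` to the helper's default full sanitizer, and while both are intended to leave no tags they are different code paths whose text output (entity escaping, whitespace, handling of nested or malformed markup) is not guaranteed to be byte-identical, so stored `content` may change for the same input. Since this is a before-save hook on user-supplied content, add a model test that pins the expected `content` for a scrap containing tags and entities, and keep the method name honest with a one-line comment such as `# full sanitize: no tags survive, regardless of ALLOWED_TAGS`. The method's enclosing context before `def strip_all_html_tags` is outside the hunk.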
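Review bot: The `include SanitizeHelper` added at the top of textile_article.rb is likely redundant: `TextileArticle < TextArticle`, and if `TextArticle` descends from `Article`, which this same commit makes include the helper, the methods are already inherited (worth confirming, since `TextArticle` is not in the diff). Dropping the `@@sanitizer` class variable is a good change, but note that `convert_to_html` now builds a sanitizer and a scrubber on every call, which is fine for correctness and only matters if it is hot; a comment like `# sanitizer and scrubber are built per call; memoize here if profiling shows it` would record that this was a deliberate trade-off rather than an oversight.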
@@ -15,13 +15,17 @@ module Noosfero
 require 'noosfero/plugin'
- ALLOWED_TAGS = %w( object embed param table tr th td applet comment iframe audio video source
+ # The plugin xss_terminator(located in vendor/plugins/xss_terminator) and the helper
+ # SanitizeHelper(located in app/helpers/sanitize_helper.rb) use
+ # ALLOWED_TAGS and ALLOWED_ATTRIBUTES to make a sanitize with html.
+
+ ALLOWED_TAGS = %w(object embed param table tr th td applet comment iframe audio video source
 strong em b i p code pre tt samp kbd var sub sup dfn cite big small address hr br div span h1
- h2 h3 h4 h5 h6 ul ol li dl dt dd abbr acronym a img blockquote del ins)
+ h2 h3 h4 h5 h6 ul ol li dl dt dd abbr acronym a img blockquote del ins a)
 ALLOWED_ATTRIBUTES = %w(name href cite class title src xml:lang height datetime alt abbr width vspace hspace heigth value type data style target codebase archive data-macro align border
- classid code flashvars scrolling frameborder controls autoplay colspan)
+ classid code flashvars scrolling frameborder controls autoplay colspan id rowspan)
 config.action_view.sanitized_allowed_tags = ALLOWED_TAGS
 config.action_view.sanitized_allowed_attributes = ALLOWED_ATTRIBUTES
-- libgit2 0.21.2
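Review bot: The new `ALLOWED_TAGS` line ends with `... blockquote del ins a)`, but `a` already appears earlier in the same list (`abbr acronym a img`), so the appended `a` is a duplicate that changes nothing and should be removed rather than left to suggest it was missing. Adding `id` to `ALLOWED_ATTRIBUTES` is a policy change worth calling out explicitly: ids on user-supplied markup can collide with the ids that the application's own scripts and stylesheets select on, so if only some content types need it, consider scoping it there instead of the global list, and add a note such as `# id is allowed on purpose: <reason>; keep the page's own ids out of the user-content namespace`. The new comment also reads awkwardly ("to make a sanitize with html") and names the plugin "xss_terminator", whereas the existing comment in app/models/article.rb calls it "xss_terminate"; a clearer version would be `# ALLOWED_TAGS and ALLOWED_ATTRIBUTES are the HTML allow-list shared by the xss_terminate plugin (vendor/plugins/...) and SanitizeHelper (app/helpers/sanitize_helper.rb).` with the correct plugin name and path filled in.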