diff --git a/config/application.rb b/config/application.rb
index 8e0041d..49c0237 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -15,12 +15,17 @@ module Noosfero
 
     require 'noosfero/plugin'
 
-    config.action_view.sanitized_allowed_tags |= %w(object embed param table
-      tr th td applet comment iframe audio video source)
-    config.action_view.sanitized_allowed_attributes |= %w(align border alt
-      vspace hspace width heigth value type data style target codebase archive
+    ALLOWED_TAGS = %w( object embed param table tr th td applet comment iframe audio video source
+    strong em b i p code pre tt samp kbd var sub sup dfn cite big small address hr br div span h1
+    h2 h3 h4 h5 h6 ul ol li dl dt dd abbr acronym a img blockquote del ins)
+
+    ALLOWED_ATTRIBUTES = %w(name href cite class title src xml:lang height datetime alt abbr width
+      vspace hspace heigth value type data style target codebase archive data-macro align border
       classid code flashvars scrolling frameborder controls autoplay colspan)
 
+    config.action_view.sanitized_allowed_tags = ALLOWED_TAGS
+    config.action_view.sanitized_allowed_attributes = ALLOWED_ATTRIBUTES
+
     require 'noosfero/multi_tenancy'
     config.middleware.use Noosfero::MultiTenancy::Middleware
 
diff --git a/vendor/plugins/xss_terminate/lib/xss_terminate.rb b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
index e77ff8f..6356cd6 100644
--- a/vendor/plugins/xss_terminate/lib/xss_terminate.rb
+++ b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
@@ -1,6 +1,4 @@
 module XssTerminate
-  ALLOWED_CORE_ATTRIBUTES = %w(name href cite class title src xml:lang height datetime alt abbr width)
-  ALLOWED_CUSTOM_ATTRIBUTES = %w(data-macro)
 
   def self.sanitize_by_default=(value)
     @@sanitize_by_default = value
@@ -40,30 +38,33 @@ module XssTerminate
 
   module InstanceMethods
 
-    def sanitize_allowed_attributes
-      ALLOWED_CORE_ATTRIBUTES | ALLOWED_CUSTOM_ATTRIBUTES
-    end
-
     def sanitize_field(sanitizer, field, serialized = false)
       field = field.to_sym
       if serialized
         puts field
         self[field].each_key { |key|
           key = key.to_sym
-          self[field][key] = sanitizer.sanitize(self[field][key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
+          self[field][key] = sanitizer.sanitize(self[field][key], encode_special_chars: false, scrubber: permit_scrubber )
         }
       else
         if self[field]
-          self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
+          self[field] = sanitizer.sanitize(self[field], encode_special_chars: false, scrubber: permit_scrubber )
         else
           value = self.send("#{field}")
           return unless value
-          value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
+          value = sanitizer.sanitize(value, encode_special_chars: false, scrubber: permit_scrubber)
           self.send("#{field}=", value)
         end
       end
     end
 
+    def  permit_scrubber
+        scrubber = Rails::Html::PermitScrubber.new
+        scrubber.tags = Rails.application.config.action_view.sanitized_allowed_tags
+        scrubber.attributes = Rails.application.config.action_view.sanitized_allowed_attributes
+        scrubber
+    end
+
     def sanitize_columns(with = :full)
       columns_serialized = self.class.serialized_attributes.keys
       only = eval "xss_terminate_#{with}_options[:only]"
@@ -75,27 +76,20 @@ module XssTerminate
     end
 
     def sanitize_fields_with_full
-      sanitizer = Rails::Html::FullSanitizer.new
-      columns, columns_serialized = sanitize_columns(:full)
-      columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
-      end
+      sanitize_fields_with(Rails::Html::FullSanitizer.new,:full)
     end
 
     def sanitize_fields_with_white_list
-      sanitizer = Rails::Html::WhiteListSanitizer.new
-      columns, columns_serialized = sanitize_columns(:white_list)
-      columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
-      end
-   end
+      sanitize_fields_with(Rails::Html::WhiteListSanitizer.new,:white_list)
+    end
 
     def sanitize_fields_with_html5lib
-      sanitizer = HTML5libSanitize.new
-      columns = sanitize_columns(:html5lib)
-      columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
-      end
+      sanitize_fields_with(HTML5libSanitize.new,:html5lib)
+    end
+
+    def sanitize_fields_with sanitizer, type
+      columns, columns_serialized = sanitize_columns(type)
+      columns.each {|column| sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))}
     end
 
   end
--
libgit2 0.21.2