diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 6b71939..da8e503 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -907,13 +907,15 @@ module ApplicationHelper
   end
 
   def page_title
-    (@page ? @page.title + ' - ' : '') +
-    (@topic ? @topic.title + ' - ' : '') +
-    (@section ? @section.title + ' - ' : '') +
-    (@toc ? _('Online Manual') + ' - ' : '') +
-    (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
-    (profile ? profile.short_name : environment.name) +
-    (@category ? " - #{@category.full_name}" : '')
+    CGI.escapeHTML(
+      (@page ? @page.title + ' - ' : '') +
+      (@topic ? @topic.title + ' - ' : '') +
+      (@section ? @section.title + ' - ' : '') +
+      (@toc ? _('Online Manual') + ' - ' : '') +
+      (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
+      (profile ? profile.short_name : environment.name) +
+      (@category ? " - #{@category.full_name}" : '')
+    )
   end
 
   # DEPRECATED. Do not use this.
@@ -1285,11 +1287,13 @@ module ApplicationHelper
   end
 
   def delete_article_message(article)
-    if article.folder?
-      _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
-    else
-      _("Are you sure that you want to remove the item \"%s\"?") % article.name
-    end
+    CGI.escapeHTML(
+      if article.folder?
+        _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
+      else
+        _("Are you sure that you want to remove the item \"%s\"?") % article.name
+      end
+    )
   end
 
   def expirable_link_to(expired, content, url, options = {})
diff --git a/app/helpers/layout_helper.rb b/app/helpers/layout_helper.rb
index e2db756..0025ab9 100644
--- a/app/helpers/layout_helper.rb
+++ b/app/helpers/layout_helper.rb
@@ -91,7 +91,7 @@ module LayoutHelper
   end
 
   def meta_description_tag(article=nil)
-    article ? truncate(strip_tags(article.body.to_s), :length => 200) : environment.name
+    article ? CGI.escapeHTML(truncate(strip_tags(article.body.to_s), :length => 200)) : environment.name
   end
 end
 
diff --git a/app/views/layouts/application-ng.html.erb b/app/views/layouts/application-ng.html.erb
index 346210a..b724adf 100644
--- a/app/views/layouts/application-ng.html.erb
+++ b/app/views/layouts/application-ng.html.erb
@@ -17,7 +17,7 @@
     <meta property="og:url" content="<%= @page ? url_for(@page.url) : @environment.top_url %>">
     <meta property="og:title" content="<%= h page_title %>">
     <meta property="og:site_name" content="<%= profile ? profile.name : @environment.name %>">
-    <meta property="og:description" content="<%= @page ? truncate(strip_tags(@page.body.to_s), :length => 200) : @environment.name %>">
+    <meta property="og:description" content="<%= meta_description_tag(@page) %>">
 
     <!-- site root -->
     <meta property="noosfero:root" content="<%= Noosfero.root %>"/>
--
libgit2 0.21.2