diff --git a/app/models/environment.rb b/app/models/environment.rb
index 212bb5e..324914b 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -185,6 +185,8 @@ class Environment < ActiveRecord::Base
   validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |record| ! record.contact_email.blank? })
 
+  xss_terminate :only => [ :description ]
+
   # #################################################
   # Business logic in general
   # #################################################
 
diff --git a/test/functional/admin_panel_controller_test.rb b/test/functional/admin_panel_controller_test.rb
index aab3146..1520ca6 100644
--- a/test/functional/admin_panel_controller_test.rb
+++ b/test/functional/admin_panel_controller_test.rb
@@ -66,4 +66,10 @@ class AdminPanelControllerTest < Test::Unit::TestCase
     assert_equal "This is my new environment", Environment.default.description
   end
 
+  should 'sanitize description' do
+    post :site_info, :environment => { :description => "This is my new environment" }
+    assert_redirected_to :action => 'index'
+    assert_sanitized Environment.default.description
+  end
+
 end
-- libgit2 0.21.2
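Review bot: The new `xss_terminate :only => [ :description ]` declaration passes no `:with`/`:except` option, so it relies on the plugin's default mode, which (if this is the usual xss_terminate) strips every tag rather than white-listing safe markup; if the environment description is meant to hold formatted HTML, spell the intent out, e.g. `xss_terminate :only => [ :description ], :with => 'white_list'`, and otherwise add a one-line comment above it noting that all markup is deliberately removed. Because this is a save-time filter, rows already stored before the change keep whatever markup they contain, so views rendering `description` should still escape it, or a one-off cleanup should be planned. `:only` also leaves any other free-text attributes that the same admin form can set untouched; worth confirming they are covered elsewhere. The enclosing `Environment` class starts and ends outside the hunk.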
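Review bot: The new test posts a description with no markup at all ("This is my new environment"), so `assert_sanitized` is satisfied whether or not the model strips anything and the test cannot catch a regression in the `xss_terminate` declaration it is meant to cover. Post a payload that actually contains a tag and assert it is gone, e.g. `post :site_info, :environment => { :description => "<script>alert('x')</script>safe text" }` followed by `assert_no_match(/<script/i, Environment.default.description)`, keeping the existing redirect assertion. I cannot see how `assert_sanitized` is defined in this suite; if it already checks for specific tags, a tag-bearing input is still needed for it to be meaningful. The enclosing `AdminPanelControllerTest` class starts outside the hunk.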