diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb
index d937e6a..b6b6728 100644
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -41,5 +41,15 @@ class ProfileEditorController < MyProfileController
 end
 end
+ private
+
+ require 'erb'
+ include ERB::Util
+ def sanitize
+ if params[:info]
+ params[:info][:name] = html_escape(params[:info][:name]) if params[:info][:name]
+ end
+ end
+
 end
diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb
index 234ec5d..92dfb24 100644
--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -52,7 +52,6 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
 assert_template 'person_info'
 assert_response :success
 assert_template 'person_info'
-
 end
 def test_saving_profile_info
@@ -93,4 +92,11 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
 assert_includes person.categories, cat2
 end
+ should 'filter html from name when edit person_info' do
+ person = create_user('test_profile').person
+ name = "name with html"
+ post :edit, :profile => person.identifier, :info => { :name => name }
+ assert_not_equal name, assigns(:profile).info.name
+ end
+
 end
-- libgit2 0.21.2
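Review bot: `sanitize` is defined in this hunk but nothing registers it, so unless a `before_filter :sanitize` already exists above line 41 the escaping never runs on `edit`; add `before_filter :sanitize, :only => [:edit]` near the top of the class. Escaping at input also stores `&lt;b&gt;` in the database, which any view that already calls `h(name)` will render double-escaped, so escaping at output time (or stripping tags on input with `strip_tags`) is the more conventional fix, and it only covers `params[:info][:name]` while every other `params[:info]` key passes through untouched. `include ERB::Util` after `private` still adds `html_escape`, `h` and `url_encode` as public instance methods; if `ERB::Util` is not already in the controller's ancestry those become routable actions, so prefer the module-function call `ERB::Util.html_escape(params[:info][:name])` without the `include`, and drop the in-class `require 'erb'` (Rails loads ERB already, and `require` inside a class body is unidiomatic). ProfileEditorController's body continues above the hunk.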
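Review bot: The fixture `name = "name with html"` contains no markup, so `html_escape` returns it unchanged and `assert_not_equal` will fail; tags were probably lost when this page was rendered, but as shown the test does not exercise the escape at all. Use an input that actually contains HTML and pin the expected output instead of asserting inequality: `name = "name with <b>html</b>"` and `assert_equal "name with &lt;b&gt;html&lt;/b&gt;", assigns(:profile).info.name`. A negative assertion would also pass if the controller mangled the name in some unrelated way, which is why the positive form is preferable. ProfileEditorControllerTest's body continues above the hunk.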