6 files changed, 8 insertions, 8 deletions

diff --git a/app/models/comment.rb b/app/models/comment.rb
index 5507910e2..bcd1efca8 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -68,7 +68,7 @@ class Comment < ActiveRecord::Base
         text = CGI.escapeHTML(text)
         text = MySociety::Format.make_clickable(text, :contract => 1)
         text = text.gsub(/\n/, '<br>')
-        return text
+        return text.html_safe
     end
 
     # When posting a new comment, use this to check user hasn't double submitted.
diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb
index 339a7a3e2..3f551f420 100644
--- a/app/models/incoming_message.rb
+++ b/app/models/incoming_message.rb
@@ -695,7 +695,7 @@ class IncomingMessage < ActiveRecord::Base
 
         text = text.gsub(/\n/, '<br>')
         text = text.gsub(/(?:<br>\s*){2,}/, '<br><br>') # remove excess linebreaks that unnecessarily space it out
-        return text
+        return text.html_safe
     end
 
 
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index 3355b9443..cee9eb959 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -284,9 +284,9 @@ public
         # into some sort of separate jurisdiction dependent file
         if self.public_body.url_name == 'general_register_office'
             # without GQ in the subject, you just get an auto response
-            _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title)
+            _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe)
         else
-            _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title)
+            _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe)
         end
     end
     def email_subject_followup(incoming_message = nil)
diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb
index 2e98e1021..441813e5f 100644
--- a/app/models/outgoing_message.rb
+++ b/app/models/outgoing_message.rb
@@ -252,7 +252,7 @@ class OutgoingMessage < ActiveRecord::Base
         text = MySociety::Format.make_clickable(text, :contract => 1)
         text.gsub!(/\[(email address|mobile number)\]/, '[<a href="/help/officers#mobiles">\1</a>]')
         text = text.gsub(/\n/, '<br>')
-        return text
+        return text.html_safe
     end
 
     def fully_destroy
diff --git a/app/models/public_body.rb b/app/models/public_body.rb
index 96f7733ed..f71520ee6 100644
--- a/app/models/public_body.rb
+++ b/app/models/public_body.rb
@@ -301,7 +301,7 @@ class PublicBody < ActiveRecord::Base
                 ret = ret + " and "
             end
             ret = ret + types[-1]
-            return ret
+            return ret.html_safe
         else
             return _("A public authority")
         end
diff --git a/app/models/track_thing.rb b/app/models/track_thing.rb
index 2a61eb858..81800f0ae 100644
--- a/app/models/track_thing.rb
+++ b/app/models/track_thing.rb
@@ -203,7 +203,7 @@ class TrackThing < ActiveRecord::Base
                     :verb_on_page => _("Follow this request"),
                     :verb_on_page_already => _("You are already following this request"),
                     # Email
-                    :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title),
+                    :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title.html_safe),
                                          :title_in_rss => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title),
                     # Authentication
                     :web => _("To follow the request '{{request_title}}'", :request_title => CGI.escapeHTML(self.info_request.title)),
@@ -270,7 +270,7 @@ class TrackThing < ActiveRecord::Base
                     :verb_on_page => _("Follow this person"),
                     :verb_on_page_already => _("You are already following this person"),
                     # Email
-                    :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name),
+                    :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name.html_safe),
                     :title_in_rss => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name),
                     # Authentication
                     :web => _("To follow requests by '{{user_name}}'", :user_name=>CGI.escapeHTML(self.tracked_user.name)),