diff --git a/app/views/budgets/index.html.erb b/app/views/budgets/index.html.erb
index 2a23575d4..3ad23eec3 100644
--- a/app/views/budgets/index.html.erb
+++ b/app/views/budgets/index.html.erb
@@ -37,14 +37,14 @@
class: "button margin-top expanded" %>
<% else %>
- <%= t("budgets.investments.index.sidebar.verified_only",
- verify: link_to_verify_account).html_safe %>
+ <%= sanitize(t("budgets.investments.index.sidebar.verified_only",
+ verify: link_to_verify_account)) %>
<% end %>
<% else %>
- <%= t("budgets.investments.index.sidebar.not_logged_in",
- sign_in: link_to_signin, sign_up: link_to_signup).html_safe %>
+ <%= sanitize(t("budgets.investments.index.sidebar.not_logged_in",
+ sign_in: link_to_signin, sign_up: link_to_signup)) %>
<% end %>
<% end %>
diff --git a/app/views/budgets/investments/_ballot.html.erb b/app/views/budgets/investments/_ballot.html.erb
index ae027b2fc..73fe2fe8b 100644
--- a/app/views/budgets/investments/_ballot.html.erb
+++ b/app/views/budgets/investments/_ballot.html.erb
@@ -51,11 +51,11 @@
- <%= t("budgets.ballots.reasons_for_not_balloting.#{reason}",
+ <%= sanitize(t("budgets.ballots.reasons_for_not_balloting.#{reason}",
verify_account: link_to_verify_account, signin: link_to_signin,
signup: link_to_signup, my_heading: my_heading,
change_ballot: change_ballot,
- heading_link: heading_link(@assigned_heading, @budget)).html_safe %>
+ heading_link: heading_link(@assigned_heading, @budget))) %>
diff --git a/app/views/budgets/investments/_header.html.erb b/app/views/budgets/investments/_header.html.erb
index 48f78411b..e46e2d287 100644
--- a/app/views/budgets/investments/_header.html.erb
+++ b/app/views/budgets/investments/_header.html.erb
@@ -40,9 +40,9 @@
heading_link: heading_link(@assigned_heading, @budget)) %>
- <%= t("budgets.investments.header.change_ballot",
+ <%= sanitize(t("budgets.investments.header.change_ballot",
check_ballot: link_to(t("budgets.investments.header.check_ballot_link"),
- budget_ballot_path(@budget))).html_safe %>
+ budget_ballot_path(@budget)))) %>
diff --git a/app/views/budgets/investments/_sidebar.html.erb b/app/views/budgets/investments/_sidebar.html.erb
index 63d577241..b962db9e4 100644
--- a/app/views/budgets/investments/_sidebar.html.erb
+++ b/app/views/budgets/investments/_sidebar.html.erb
@@ -6,17 +6,17 @@
new_budget_investment_path(budget_id: @budget.id), class: "button budget expanded" %>
<% else %>
- <%= t("budgets.investments.index.sidebar.verified_only",
- verify: link_to_verify_account).html_safe %>
+ <%= sanitize(t("budgets.investments.index.sidebar.verified_only",
+ verify: link_to_verify_account)) %>
<% end %>
<% end %>
<% if @heading && can?(:show, @ballot) %>
- <%= t("budgets.investments.index.sidebar.voted_info",
+ <%= sanitize(t("budgets.investments.index.sidebar.voted_info",
link: link_to(t("budgets.investments.index.sidebar.voted_info_link"),
- budget_ballot_path(@budget))).html_safe %>
+ budget_ballot_path(@budget)))) %>
<% end %>
@@ -52,9 +52,9 @@
) %>
- <%= t("budgets.investments.index.sidebar.change_ballot",
+ <%= sanitize(t("budgets.investments.index.sidebar.change_ballot",
check_ballot: link_to(t("budgets.investments.index.sidebar.check_ballot_link"),
- budget_ballot_path(@budget))).html_safe %>
+ budget_ballot_path(@budget)))) %>
<% else %>
diff --git a/app/views/budgets/investments/_votes.html.erb b/app/views/budgets/investments/_votes.html.erb
index 9fca61f6e..b4733a29b 100644
--- a/app/views/budgets/investments/_votes.html.erb
+++ b/app/views/budgets/investments/_votes.html.erb
@@ -31,13 +31,13 @@
- <%= t("votes.budget_investments.#{reason}",
+ <%= sanitize(t("votes.budget_investments.#{reason}",
count: investment.group.max_votable_headings,
verify_account: link_to_verify_account,
signin: link_to_signin,
signup: link_to_signup,
supported_headings: (current_user && current_user.headings_voted_within_group(investment.group).map(&:name).sort.to_sentence)
- ).html_safe %>
+ )) %>
diff --git a/app/views/budgets/show.html.erb b/app/views/budgets/show.html.erb
index 4cf4330a1..826752248 100644
--- a/app/views/budgets/show.html.erb
+++ b/app/views/budgets/show.html.erb
@@ -23,14 +23,14 @@
<%= link_to t("budgets.investments.index.sidebar.create"), new_budget_investment_path(@budget), class: "button margin-top expanded" %>
<% else %>
- <%= t("budgets.investments.index.sidebar.verified_only",
- verify: link_to_verify_account).html_safe %>
+ <%= sanitize(t("budgets.investments.index.sidebar.verified_only",
+ verify: link_to_verify_account)) %>
<% end %>
<% else %>
- <%= t("budgets.investments.index.sidebar.not_logged_in",
- sign_in: link_to_signin, sign_up: link_to_signup).html_safe %>
+ <%= sanitize(t("budgets.investments.index.sidebar.not_logged_in",
+ sign_in: link_to_signin, sign_up: link_to_signup)) %>
<% end %>
<% end %>
diff --git a/app/views/comments/_comment_tree.html.erb b/app/views/comments/_comment_tree.html.erb
index 9e95cc748..78acd65c4 100644
--- a/app/views/comments/_comment_tree.html.erb
+++ b/app/views/comments/_comment_tree.html.erb
@@ -24,7 +24,7 @@
<% elsif require_verified_resident_for_commentable?(commentable, current_user) %>
- <%= t("comments.verified_only", verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("comments.verified_only", verify_account: link_to_verify_account)) %>
<% elsif allow_comments %>
<%= render "comments/form", { commentable: commentable,
diff --git a/app/views/comments/_votes.html.erb b/app/views/comments/_votes.html.erb
index 95e2ab60b..925c2d19f 100644
--- a/app/views/comments/_votes.html.erb
+++ b/app/views/comments/_votes.html.erb
@@ -81,9 +81,7 @@
- <%= t("votes.comment_unauthenticated",
- signin: link_to_signin,
- signup: link_to_signup).html_safe %>
+ <%= sanitize(t("votes.comment_unauthenticated", signin: link_to_signin, signup: link_to_signup)) %>
<% end %>
diff --git a/app/views/dashboard/mailer/new_actions_notification_on_create.html.erb b/app/views/dashboard/mailer/new_actions_notification_on_create.html.erb
index b26d8f7f9..0f1df7ddd 100644
--- a/app/views/dashboard/mailer/new_actions_notification_on_create.html.erb
+++ b/app/views/dashboard/mailer/new_actions_notification_on_create.html.erb
@@ -6,7 +6,7 @@
<%= t("mailers.new_actions_notification_on_create.text_1") %>
- <%= t("mailers.new_actions_notification_on_create.text_2", link: proposal_dashboard_url(@proposal)).html_safe %>
+ <%= sanitize(t("mailers.new_actions_notification_on_create.text_2", link: proposal_dashboard_url(@proposal))) %>
<%= t("mailers.new_actions_notification_on_create.text_3") %>
<%= t("mailers.new_actions_notification_on_create.text_4") %>
diff --git a/app/views/dashboard/mailer/new_actions_notification_rake_created.html.erb b/app/views/dashboard/mailer/new_actions_notification_rake_created.html.erb
index 479003d2e..7f4d74cb1 100644
--- a/app/views/dashboard/mailer/new_actions_notification_rake_created.html.erb
+++ b/app/views/dashboard/mailer/new_actions_notification_rake_created.html.erb
@@ -10,9 +10,9 @@
title: @proposal.title) %>
- <%= t("mailers.new_actions_notification_rake_created.text_1",
+ <%= sanitize(t("mailers.new_actions_notification_rake_created.text_1",
link_to_published: link_to(proposal_dashboard_url(@proposal),
- proposal_dashboard_url(@proposal))).html_safe %>
+ proposal_dashboard_url(@proposal)))) %>
<%= t("mailers.new_actions_notification_rake_created.text_2") %>
diff --git a/app/views/debates/_votes.html.erb b/app/views/debates/_votes.html.erb
index cb7cdf9f5..9cd3437a4 100644
--- a/app/views/debates/_votes.html.erb
+++ b/app/views/debates/_votes.html.erb
@@ -52,7 +52,7 @@
<% elsif user_signed_in? && !debate.votable_by?(current_user) %>
- <%= t("votes.anonymous", verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("votes.anonymous", verify_account: link_to_verify_account)) %>
<% elsif !user_signed_in? %>
diff --git a/app/views/debates/index.html.erb b/app/views/debates/index.html.erb
index 53788434d..d4920644b 100644
--- a/app/views/debates/index.html.erb
+++ b/app/views/debates/index.html.erb
@@ -86,8 +86,8 @@
<%= t("debates.index.section_footer.description") %>
<%= t("debates.index.section_footer.help_text_1") %>
- <%= t("debates.index.section_footer.help_text_2",
- org: link_to(setting["org_name"], new_user_registration_path)).html_safe %>
+ <%= sanitize(t("debates.index.section_footer.help_text_2",
+ org: link_to(setting["org_name"], new_user_registration_path))) %>
<% end %>
diff --git a/app/views/debates/new.html.erb b/app/views/debates/new.html.erb
index 4e9368c2d..4e75679de 100644
--- a/app/views/debates/new.html.erb
+++ b/app/views/debates/new.html.erb
@@ -5,8 +5,8 @@
<%= t("debates.new.start_new") %>
- <%= t("debates.new.info",
- info_link: link_to(t("debates.new.info_link"), new_proposal_path)).html_safe %>
+ <%= sanitize(t("debates.new.info",
+ info_link: link_to(t("debates.new.info_link"), new_proposal_path))) %>
<% if feature?(:help_page) %>
<%= link_to help_path, title: t("shared.target_blank"), target: "_blank" do %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index cba9e6ec0..d0d219c62 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -4,8 +4,8 @@
<%= render "devise/omniauth_form" %>
- <%= t("devise_views.shared.links.signup",
- signup_link: link_to(t("devise_views.shared.links.signup_link"), new_user_registration_path)).html_safe %>
+ <%= sanitize(t("devise_views.shared.links.signup",
+ signup_link: link_to(t("devise_views.shared.links.signup_link"), new_user_registration_path))) %>
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
diff --git a/app/views/direct_messages/new.html.erb b/app/views/direct_messages/new.html.erb
index 30078978e..8c0635a26 100644
--- a/app/views/direct_messages/new.html.erb
+++ b/app/views/direct_messages/new.html.erb
@@ -9,8 +9,8 @@
<% if not current_user %>
- <%= t("users.login_to_continue",
- signin: link_to_signin, signup: link_to_signup).html_safe %>
+ <%= sanitize(t("users.login_to_continue",
+ signin: link_to_signin, signup: link_to_signup)) %>
<% elsif not @receiver.email_on_direct_message? %>
@@ -33,8 +33,8 @@
<% else %>
- <%= t("users.direct_messages.new.verified_only",
- verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("users.direct_messages.new.verified_only",
+ verify_account: link_to_verify_account)) %>
<% end %>
diff --git a/app/views/layouts/_footer.html.erb b/app/views/layouts/_footer.html.erb
index 160134d8e..383469811 100644
--- a/app/views/layouts/_footer.html.erb
+++ b/app/views/layouts/_footer.html.erb
@@ -6,10 +6,9 @@
- <%= t("layouts.footer.description",
+ <%= sanitize(t("layouts.footer.description",
open_source: link_to(t("layouts.footer.open_source"), t("layouts.footer.open_source_url"), target: "blank", rel: "nofollow"),
- consul: link_to(t("layouts.footer.consul"), t("layouts.footer.consul_url"), target: "blank", rel: "nofollow")).html_safe
- %>
+ consul: link_to(t("layouts.footer.consul"), t("layouts.footer.consul_url"), target: "blank", rel: "nofollow"))) %>
<%= t("layouts.footer.contact_us") %>
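Review bot: `sanitize` with Rails' default safe list drops attributes that are not in its allowlist, so the `target: "blank", rel: "nofollow"` on the two links in this hunk will most likely be stripped from the rendered footer unless the application widens `config.action_view.sanitized_allowed_attributes` (the default list includes `href`, `title` and `class` but not `target`, `rel` or `style`). The same applies to `target: "_blank"` in layouts/application.html.erb and management/document_verifications/invalid_document.html.erb, and to the inline `style:` on the unsubscribe links in mailer/direct_message_for_receiver.html.erb and mailer/proposal_notification_digest.html.erb, where many mail clients honour only inline styles. Passing an explicit allowlist keeps the output unchanged while still removing script content, e.g. `sanitize(t(...), attributes: %w[href target rel])` here and `attributes: %w[href style]` in the two mailers. A view spec asserting that the rendered link still carries `rel="nofollow"` would catch this regression.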
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 7fd5aee79..3c55f4f05 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -30,12 +30,12 @@
<%= t("layouts.application.ie_title") %>
- <%= t("layouts.application.ie",
+ <%= sanitize(t("layouts.application.ie",
chrome: link_to(
t("layouts.application.chrome"), "https://www.google.com/chrome/browser/desktop/", title: t("shared.target_blank"), target: "_blank"),
firefox: link_to(
t("layouts.application.firefox"), "https://www.mozilla.org/firefox", title: t("shared.target_blank"), target: "_blank")
- ).html_safe %>
+ )) %>
diff --git a/app/views/legislation/annotations/_comments_box.html.erb b/app/views/legislation/annotations/_comments_box.html.erb
index b9e8eea70..c1d1f24fd 100644
--- a/app/views/legislation/annotations/_comments_box.html.erb
+++ b/app/views/legislation/annotations/_comments_box.html.erb
@@ -37,8 +37,8 @@
- <%= t("users.login_to_comment",
- signin: link_to_signin, signup: link_to_signup).html_safe %>
+ <%= sanitize(t("users.login_to_comment",
+ signin: link_to_signin, signup: link_to_signup)) %>
diff --git a/app/views/legislation/processes/_help_gif.html.erb b/app/views/legislation/processes/_help_gif.html.erb
index fdf00a2c5..19e47a506 100644
--- a/app/views/legislation/processes/_help_gif.html.erb
+++ b/app/views/legislation/processes/_help_gif.html.erb
@@ -11,8 +11,8 @@
<%= t("annotator.help.alt") %>
<% else %>
- <%= t("annotator.help.text",
- sign_in: link_to_signin, sign_up: link_to_signup).html_safe %>
+ <%= sanitize(t("annotator.help.text",
+ sign_in: link_to_signin, sign_up: link_to_signup)) %>
<% end %>
diff --git a/app/views/legislation/proposals/_featured_votes.html.erb b/app/views/legislation/proposals/_featured_votes.html.erb
index 090a095ea..979d2e90b 100644
--- a/app/views/legislation/proposals/_featured_votes.html.erb
+++ b/app/views/legislation/proposals/_featured_votes.html.erb
@@ -22,7 +22,7 @@
<% elsif user_signed_in? && !proposal.votable_by?(current_user) %>
- <%= t("votes.verified_only", verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("votes.verified_only", verify_account: link_to_verify_account)) %>
<% elsif !user_signed_in? %>
diff --git a/app/views/legislation/proposals/_votes.html.erb b/app/views/legislation/proposals/_votes.html.erb
index a2e9bedad..e60c4e2d4 100644
--- a/app/views/legislation/proposals/_votes.html.erb
+++ b/app/views/legislation/proposals/_votes.html.erb
@@ -54,8 +54,8 @@
<% elsif user_signed_in? && !proposal.votable_by?(current_user) %>
- <%= t("legislation.proposals.not_verified",
- verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("legislation.proposals.not_verified",
+ verify_account: link_to_verify_account)) %>
<% elsif !user_signed_in? %>
diff --git a/app/views/legislation/questions/_participation_not_allowed.html.erb b/app/views/legislation/questions/_participation_not_allowed.html.erb
index 9057fde1a..9bbc88c9a 100644
--- a/app/views/legislation/questions/_participation_not_allowed.html.erb
+++ b/app/views/legislation/questions/_participation_not_allowed.html.erb
@@ -7,14 +7,14 @@
<% elsif user_signed_in? && current_user.unverified? %>
- <%= t("legislation.questions.participation.verified_only",
- verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("legislation.questions.participation.verified_only",
+ verify_account: link_to_verify_account)) %>
<% elsif !user_signed_in? %>
- <%= t("legislation.questions.participation.unauthenticated",
- signin: link_to_signin, signup: link_to_signup).html_safe %>
+ <%= sanitize(t("legislation.questions.participation.unauthenticated",
+ signin: link_to_signin, signup: link_to_signup)) %>
<% elsif !@process.debate_phase.open? %>
diff --git a/app/views/mailer/budget_investment_created.html.erb b/app/views/mailer/budget_investment_created.html.erb
index f4ac21b61..2ba7ef5c1 100644
--- a/app/views/mailer/budget_investment_created.html.erb
+++ b/app/views/mailer/budget_investment_created.html.erb
@@ -16,8 +16,8 @@
- <%= t("mailers.budget_investment_created.follow_html",
- link: link_to(t("mailers.budget_investment_created.follow_link"), budgets_url)).html_safe %>
+ <%= sanitize(t("mailers.budget_investment_created.follow_html",
+ link: link_to(t("mailers.budget_investment_created.follow_link"), budgets_url))) %>
diff --git a/app/views/mailer/direct_message_for_receiver.html.erb b/app/views/mailer/direct_message_for_receiver.html.erb
index 0ddd5e30d..b563ce621 100644
--- a/app/views/mailer/direct_message_for_receiver.html.erb
+++ b/app/views/mailer/direct_message_for_receiver.html.erb
@@ -26,9 +26,9 @@
- <%= t("mailers.direct_message_for_receiver.unsubscribe",
+ <%= sanitize(t("mailers.direct_message_for_receiver.unsubscribe",
account: link_to(t("mailers.direct_message_for_receiver.unsubscribe_account"),
- account_url, style: "color: #2895F1; text-decoration: none;")).html_safe %>
+ account_url, style: "color: #2895F1; text-decoration: none;"))) %>
diff --git a/app/views/mailer/proposal_notification_digest.html.erb b/app/views/mailer/proposal_notification_digest.html.erb
index 671c5ffad..39d0e4107 100644
--- a/app/views/mailer/proposal_notification_digest.html.erb
+++ b/app/views/mailer/proposal_notification_digest.html.erb
@@ -61,9 +61,9 @@
- <%= t("mailers.proposal_notification_digest.unsubscribe",
+ <%= sanitize(t("mailers.proposal_notification_digest.unsubscribe",
account: link_to(t("mailers.proposal_notification_digest.unsubscribe_account"),
- account_url, style: "color: #2895F1; text-decoration: none;")).html_safe %>
+ account_url, style: "color: #2895F1; text-decoration: none;"))) %>
diff --git a/app/views/management/document_verifications/invalid_document.html.erb b/app/views/management/document_verifications/invalid_document.html.erb
index 632432113..2f7101ca0 100644
--- a/app/views/management/document_verifications/invalid_document.html.erb
+++ b/app/views/management/document_verifications/invalid_document.html.erb
@@ -11,6 +11,6 @@
permissions: [:debates, :create_proposals] %>
- <%= t("management.document_verifications.has_no_account_html",
- link: link_to(t("management.document_verifications.link"), root_path, target: "_blank")).html_safe %>
+ <%= sanitize(t("management.document_verifications.has_no_account_html",
+ link: link_to(t("management.document_verifications.link"), root_path, target: "_blank"))) %>
diff --git a/app/views/pages/help/_budgets.html.erb b/app/views/pages/help/_budgets.html.erb
index 0371a038c..2504d60d3 100644
--- a/app/views/pages/help/_budgets.html.erb
+++ b/app/views/pages/help/_budgets.html.erb
@@ -4,8 +4,8 @@
<%= t("pages.help.budgets.title") %>
- <%= t("pages.help.budgets.description",
- link: link_to(t("pages.help.budgets.link"), budgets_path)).html_safe %>
+ <%= sanitize(t("pages.help.budgets.description",
+ link: link_to(t("pages.help.budgets.link"), budgets_path))) %>
diff --git a/app/views/pages/help/_debates.html.erb b/app/views/pages/help/_debates.html.erb
index 26c0fcfdd..bc6a3d6d4 100644
--- a/app/views/pages/help/_debates.html.erb
+++ b/app/views/pages/help/_debates.html.erb
@@ -4,16 +4,16 @@
<%= t("pages.help.debates.title") %>
- <%= t("pages.help.debates.description",
+ <%= sanitize(t("pages.help.debates.description",
org: setting["org_name"],
link: link_to(t("pages.help.debates.link"),
- debates_path)).html_safe %>
+ debates_path))) %>
- <%= t("pages.help.debates.feature_html",
+ <%= sanitize(t("pages.help.debates.feature_html",
link: link_to(t("pages.help.debates.feature_link", org: setting["org_name"]),
- new_user_registration_path)).html_safe %>
+ new_user_registration_path))) %>
diff --git a/app/views/pages/help/_polls.html.erb b/app/views/pages/help/_polls.html.erb
index c63aac6b8..7ce3a13cb 100644
--- a/app/views/pages/help/_polls.html.erb
+++ b/app/views/pages/help/_polls.html.erb
@@ -2,14 +2,14 @@
<%= t("pages.help.polls.title") %>
- <%= t("pages.help.polls.description",
- link: link_to(t("pages.help.polls.link"), polls_path)).html_safe %>
+ <%= sanitize(t("pages.help.polls.description",
+ link: link_to(t("pages.help.polls.link"), polls_path))) %>
- <%= t("pages.help.polls.feature_1",
+ <%= sanitize(t("pages.help.polls.feature_1",
link: link_to(t("pages.help.polls.feature_1_link", org_name: setting["org_name"]),
- new_user_registration_path)).html_safe %>
+ new_user_registration_path))) %>
diff --git a/app/views/pages/help/_processes.html.erb b/app/views/pages/help/_processes.html.erb
index abe64f4ab..da2f2b5ac 100644
--- a/app/views/pages/help/_processes.html.erb
+++ b/app/views/pages/help/_processes.html.erb
@@ -6,7 +6,7 @@
<% link = link_to(t("pages.help.processes.link"), legislation_processes_path) %>
- <%= t("pages.help.processes.description", link: link).html_safe %>
+ <%= sanitize(t("pages.help.processes.description", link: link)) %>
diff --git a/app/views/pages/help/_proposals.html.erb b/app/views/pages/help/_proposals.html.erb
index ececd3b85..acfd8ef60 100644
--- a/app/views/pages/help/_proposals.html.erb
+++ b/app/views/pages/help/_proposals.html.erb
@@ -4,8 +4,8 @@
<%= t("pages.help.proposals.title") %>
- <%= t("pages.help.proposals.description",
- link: link_to(t("pages.help.proposals.link"), proposals_path)).html_safe %>
+ <%= sanitize(t("pages.help.proposals.description",
+ link: link_to(t("pages.help.proposals.link"), proposals_path))) %>
diff --git a/app/views/polls/_callout.html.erb b/app/views/polls/_callout.html.erb
index 4bb6e821d..19ff207da 100644
--- a/app/views/polls/_callout.html.erb
+++ b/app/views/polls/_callout.html.erb
@@ -1,9 +1,9 @@
<% unless can?(:answer, @poll) %>
<% if current_user.nil? %>
- <%= t("polls.show.cant_answer_not_logged_in",
+ <%= sanitize(t("polls.show.cant_answer_not_logged_in",
signin: link_to_signin(class: "probe-message"),
- signup: link_to_signup(class: "probe-message")).html_safe %>
+ signup: link_to_signup(class: "probe-message"))) %>
<% elsif current_user.unverified? %>
diff --git a/app/views/proposal_notifications/new.html.erb b/app/views/proposal_notifications/new.html.erb
index c3dcb39f1..ec4409a1c 100644
--- a/app/views/proposal_notifications/new.html.erb
+++ b/app/views/proposal_notifications/new.html.erb
@@ -6,10 +6,10 @@
- <%= t("proposal_notifications.new.info_about_receivers_html",
+ <%= sanitize(t("proposal_notifications.new.info_about_receivers_html",
count: @proposal.users_to_notify.count,
proposal_page: link_to(t("proposal_notifications.new.proposal_page"),
- proposal_path(@proposal, anchor: "comments"))).html_safe %>
+ proposal_path(@proposal, anchor: "comments")))) %>
diff --git a/app/views/proposals/_featured_votes.html.erb b/app/views/proposals/_featured_votes.html.erb
index 090a095ea..979d2e90b 100644
--- a/app/views/proposals/_featured_votes.html.erb
+++ b/app/views/proposals/_featured_votes.html.erb
@@ -22,7 +22,7 @@
<% elsif user_signed_in? && !proposal.votable_by?(current_user) %>
- <%= t("votes.verified_only", verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("votes.verified_only", verify_account: link_to_verify_account)) %>
<% elsif !user_signed_in? %>
diff --git a/app/views/proposals/_votes.html.erb b/app/views/proposals/_votes.html.erb
index f1801d732..c78dfa720 100644
--- a/app/views/proposals/_votes.html.erb
+++ b/app/views/proposals/_votes.html.erb
@@ -29,7 +29,7 @@
- <%= t("votes.verified_only", verify_account: link_to_verify_account).html_safe %>
+ <%= sanitize(t("votes.verified_only", verify_account: link_to_verify_account)) %>
diff --git a/app/views/shared/_login_to_comment.html.erb b/app/views/shared/_login_to_comment.html.erb
index 3b63339b8..564198806 100644
--- a/app/views/shared/_login_to_comment.html.erb
+++ b/app/views/shared/_login_to_comment.html.erb
@@ -1,3 +1,3 @@
- <%= t("users.login_to_comment", signin: link_to_signin, signup: link_to_signup).html_safe %>
+ <%= sanitize(t("users.login_to_comment", signin: link_to_signin, signup: link_to_signup)) %>
diff --git a/app/views/shared/_login_to_vote.html.erb b/app/views/shared/_login_to_vote.html.erb
index 30c86b8f6..20ff9c5ce 100644
--- a/app/views/shared/_login_to_vote.html.erb
+++ b/app/views/shared/_login_to_vote.html.erb
@@ -1,3 +1,3 @@
- <%= t("users.login_to_continue", signin: link_to_signin, signup: link_to_signup).html_safe %>
+ <%= sanitize(t("users.login_to_continue", signin: link_to_signin, signup: link_to_signup)) %>
diff --git a/app/views/topics/_informative_text.html.erb b/app/views/topics/_informative_text.html.erb
index 1736ccb31..43604a623 100644
--- a/app/views/topics/_informative_text.html.erb
+++ b/app/views/topics/_informative_text.html.erb
@@ -6,7 +6,7 @@
<% else %>
- <%= t("community.show.create_first_community_topic.sub_first_theme",
- sign_in: link_to_signin, sign_up: link_to_signup).html_safe %>
+ <%= sanitize(t("community.show.create_first_community_topic.sub_first_theme",
+ sign_in: link_to_signin, sign_up: link_to_signup)) %>
<% end %>
diff --git a/app/views/users/registrations/new.html.erb b/app/views/users/registrations/new.html.erb
index c01556c42..f296d3b69 100644
--- a/app/views/users/registrations/new.html.erb
+++ b/app/views/users/registrations/new.html.erb
@@ -7,8 +7,8 @@
<%= render "shared/errors", resource: resource %>
- <%= t("devise_views.users.registrations.new.organization_signup",
- signup_link: link_to(t("devise_views.users.registrations.new.organization_signup_link"), new_organization_registration_path)).html_safe %>
+ <%= sanitize(t("devise_views.users.registrations.new.organization_signup",
+ signup_link: link_to(t("devise_views.users.registrations.new.organization_signup_link"), new_organization_registration_path))) %>
diff --git a/spec/features/xss_spec.rb b/spec/features/xss_spec.rb
index d75564c33..482b5bd5d 100644
--- a/spec/features/xss_spec.rb
+++ b/spec/features/xss_spec.rb
@@ -40,6 +40,15 @@ describe "Cross-Site Scripting protection", :js do
expect(page.text).not_to be_empty
end
+ scenario "link to sign in" do
+ I18nContent.create(key: "budgets.investments.index.sidebar.not_logged_in", value: attack_code)
+ create(:budget, phase: "accepting")
+
+ visit budgets_path
+
+ expect(page.text).not_to be_empty
+ end
+
scenario "proposal actions in dashboard" do
proposal = create(:proposal)
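Review bot: The new scenario only asserts `expect(page.text).not_to be_empty`, which, like the surrounding scenarios, also passes if `sanitize` strips the whole translation or the sidebar is not rendered at all, and it exercises a single key (`budgets.investments.index.sidebar.not_logged_in`) out of the roughly forty translations this commit wraps. Asserting on the outcome that matters is cheap here: `expect(page.html).not_to include(attack_code)` pins that the payload did not survive, and a check that the interpolated sign-in link still renders pins that the translation was not discarded wholesale. A shared example iterating over a handful of the other changed keys (e.g. the `layouts.footer.description` and `votes.verified_only` paths) would give the rest of the change some coverage.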
diff --git a/spec/mailers/dashboard/mailer_spec.rb b/spec/mailers/dashboard/mailer_spec.rb
index 0b7ad3a04..c51d9e6c1 100644
--- a/spec/mailers/dashboard/mailer_spec.rb
+++ b/spec/mailers/dashboard/mailer_spec.rb
@@ -182,8 +182,8 @@ describe Dashboard::Mailer do
"successfully created.")
expect(email).to have_body_text("Take advantage that your proposal is not public yet and "\
"get ready to contact a lot of people.")
- expect(email).to have_body_text(I18n.t("mailers.new_actions_notification_on_create.text_2",
- link: proposal_dashboard_url(proposal)).html_safe)
+ expect(email).to have_body_text("When you are ready publish your citizen proposal from this")
+ expect(email).to have_link "link", href: proposal_dashboard_url(proposal)
expect(email).to have_body_text("We know that creating a proposal with a hook and getting "\
"the necessary support can seem complicated. But dont "\
"worry because we are going to help you!")