diff --git a/apps/calendar/index.php b/apps/calendar/index.php
index cf03a7a3cd33786bd7acf0569835aa44a406045a..05a808a5ae0056d39424f757b6dafb1eff421ce5 100644
--- a/apps/calendar/index.php
+++ b/apps/calendar/index.php
@@ -54,9 +54,9 @@ OCP\Util::addscript('contacts','jquery.multi-autocomplete');
 OCP\Util::addscript('','oc-vcategories');
 OCP\App::setActiveNavigationEntry('calendar_index');
 $tmpl = new OCP\Template('calendar', 'calendar', 'user');
-$tmpl->assign('eventSources', $eventSources);
+$tmpl->assign('eventSources', $eventSources,false);
 $tmpl->assign('categories', $categories);
 if(array_key_exists('showevent', $_GET)){
-	$tmpl->assign('showevent', $_GET['showevent']);
+	$tmpl->assign('showevent', $_GET['showevent'], false);
 }
 $tmpl->printPage();
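Review bot: `$_GET['showevent']` is request input, and the `false` added to its `assign()` call switches off the new default escaping for exactly that value. Unless the `calendar` template only ever uses it as a number (that template is not in this diff), keep the default with `$tmpl->assign('showevent', $_GET['showevent']);`, or normalise it first with `(int)$_GET['showevent']` if it is an event id, which should be confirmed. Passing `false` for `eventSources` is reasonable only if the template serialises it as script data rather than printing it into markup, which also needs checking against the template.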
diff --git a/apps/calendar/lib/app.php b/apps/calendar/lib/app.php
index 2cd28c0f782ba536c41c73f62fa1e13addf4ecff..ff7ad1cb9375d2f382b41740d4bd0e1605e42e2c 100644
--- a/apps/calendar/lib/app.php
+++ b/apps/calendar/lib/app.php
@@ -377,8 +377,8 @@ class OC_Calendar_App{
 		$lastmodified = ($last_modified)?$last_modified->getDateTime()->format('U'):0;
 		
 		$output = array('id'=>(int)$event['id'],
-						'title' => htmlspecialchars(($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed')),
-						'description' => isset($vevent->DESCRIPTION)?htmlspecialchars($vevent->DESCRIPTION->value):'',
+						'title' => ($event['summary']!=NULL || $event['summary'] != '')?$event['summary']: self::$l10n->t('unnamed'),
+						'description' => isset($vevent->DESCRIPTION)?$vevent->DESCRIPTION->value:'',
 						'lastmodified'=>$lastmodified);
 		
 		$dtstart = $vevent->DTSTART;
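Review bot: `title` and `description` in `$output` lose `htmlspecialchars()` here, and nothing in the hunk replaces it, because this array is not passed through `OC_Template::assign()` in the visible code. If the array is sent to the browser (presumably as JSON for the calendar view), every consumer that inserts these fields into the DOM must now escape them or use text-only insertion. A comment on the array such as `// raw values: escape at the point of output` would record that contract. The enclosing method starts and ends outside the hunk, so the callers could not be checked.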
diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.php b/apps/calendar/templates/part.choosecalendar.rowfields.php
index 268c335601180f14ce5da90cfe62e69937c2bbad..965523f847a17752ac6052eabdae4ae91cec2ffd 100644
--- a/apps/calendar/templates/part.choosecalendar.rowfields.php
+++ b/apps/calendar/templates/part.choosecalendar.rowfields.php
@@ -1,8 +1,8 @@
 <?php
 echo '<td width="20px"><input id="active_' . $_['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Calendar.activation(this,' . $_['calendar']['id'] . ')"' . ($_['calendar']['active'] ? ' checked="checked"' : '') . '></td>';
-echo '<td  id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . htmlspecialchars($_['calendar']['displayname']) . '</label></td>';
+echo '<td  id="' . OCP\USER::getUser() . '_' . $_['calendar']['id'] . '"><label for="active_' . $_['calendar']['id'] . '">' . $_['calendar']['displayname'] . '</label></td>';
 echo '<td width="20px"><a href="#" onclick="Calendar.UI.Share.dropdown(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['id'] . '\');" title="' . $l->t("Share Calendar") . '" class="action"><img  class="svg action" src="' . ((!$_['shared']) ? OCP\Util::imagePath('core', 'actions/share.svg') : OCP\Util::imagePath('core', 'actions/shared.svg')) . '"></a></td>';
-echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . htmlentities($_['calendar']['uri']) . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
+echo '<td width="20px"><a href="#" onclick="Calendar.UI.showCalDAVUrl(\'' . OCP\USER::getUser() . '\', \'' . $_['calendar']['uri'] . '\');" title="' . $l->t("CalDav Link") . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/public.svg').'"></a></td>';
 echo '<td width="20px"><a href="?app=calendar&getfile=export.php?calid=' . $_['calendar']['id'] . '" title="' . $l->t('Download') . '" class="action"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/download.svg').'"></a></td>';
 echo '<td width="20px"><a  href="#" title="' . $l->t('Edit') . '" class="action" onclick="Calendar.UI.Calendar.edit(this, ' . $_['calendar']['id'] . ');"><img class="svg action" src="'.OCP\Util::imagePath('core', 'actions/rename.svg').'"></a></td>';
 echo '<td width="20px"><a href="#" onclick="Calendar.UI.Calendar.deleteCalendar(\'' . $_['calendar']['id'] . '\');" title="' . $l->t('Delete') . '" class="action"><img  class="svg action" src="'.OCP\Util::imagePath('core', 'actions/delete.svg').'"></a></td>';
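Review bot: `$_['calendar']['uri']` is printed inside a quoted JavaScript string within an `onclick` attribute, and with `htmlentities()` removed its safety depends entirely on how `calendar` was assigned. Even the default `assign()` path only entity-encodes, and the browser decodes entities in an attribute before the handler is compiled, so this position needs JavaScript-string encoding as well: replace the quoted value with `htmlspecialchars(json_encode($_['calendar']['uri']), ENT_QUOTES, 'UTF-8')`. The `displayname` label two lines up, and the one in part.choosecalendar.rowfields.shared.php, depend on the caller's `assign()` in the same way. `OCP\USER::getUser()` and `$_['share']['owner']` were already printed unescaped in both files and still are.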
diff --git a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php
index 6a212858a219eb83fc999bceb5c637b725ed86f6..a23266da0c39a908d7c2e830b97d63111a36a161 100644
--- a/apps/calendar/templates/part.choosecalendar.rowfields.shared.php
+++ b/apps/calendar/templates/part.choosecalendar.rowfields.shared.php
@@ -1,4 +1,4 @@
 <?php
 echo '<td width="20px"><input id="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '" type="checkbox" onClick="Calendar.UI.Share.activation(this,\'' . $_['share']['owner'] . '\',' . $_['share']['calendar']['id'] . ')"' . ($_['share']['active'] ? ' checked="checked"' : '') . '></td>';
-echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . htmlspecialchars($_['share']['calendar']['displayname']) . '</label></td>';
+echo '<td><label for="active_' . $_['share']['owner'] . '_' . $_['share']['calendar']['id'] . '">' . $_['share']['calendar']['displayname'] . '</label></td>';
 echo '<td style="font-style: italic;">' .  $l->t('shared with you by') . ' ' . $_['share']['owner'] . '</td>';
\ No newline at end of file
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php
index 2d86ce4d3182426cbba4efda1f8c7ee57fcda29e..95eecf26223354968907b6aef343b90e09368fb0 100644
--- a/apps/calendar/templates/part.eventform.php
+++ b/apps/calendar/templates/part.eventform.php
@@ -18,7 +18,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
 		<tr>
 			<th width="75px"><?php echo $l->t("Title");?>:</th>
 			<td>
-				<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>" maxlength="100" name="title"/>
+				<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Title of the Event");?>" value="<?php echo isset($_['title']) ? $_['title'] : '' ?>" maxlength="100" name="title"/>
 			</td>
 		</tr>
 	</table>
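Review bot: The `value="…"` attribute now prints `$_['title']` with no escaping of its own, so it is only safe if the controller assigns `title` through `assign()` with the default third argument, and that call is not part of this diff. The same holds for `categories`, `location` and the `description` textarea in the later hunks of this file, for part.showevent.php, and for `categories` in apps/tasks/templates/part.taskform.php. Please confirm each of those assignments, or add a comment at the top of each template such as `// all $_ values are expected to be escaped by OC_Template::assign()`. Without that, a future `assign(..., false)` in a controller removes the escaping silently.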
@@ -26,7 +26,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
 		<tr>
 			<th width="75px"><?php echo $l->t("Category");?>:</th>
 			<td>
-				<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
+				<input id="category" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
 				<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
 			</td>
 			<?php if(count($_['calendar_options']) > 1) { ?>
@@ -80,7 +80,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
 			<tr>
 				<th width="85px"><?php echo $l->t("Location");?>:</th>
 				<td>
-					<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>" maxlength="100"  name="location" />
+					<input type="text" style="width:350px;" size="100" placeholder="<?php echo $l->t("Location of the Event");?>" value="<?php echo isset($_['location']) ? $_['location'] : '' ?>" maxlength="100"  name="location" />
 				</td>
 			</tr>
 		</table>
@@ -88,7 +88,7 @@ echo 'Calendar.UI.Share.idtype = "event";' . "\n" . 'Calendar.UI.Share.currentid
 			<tr>
 				<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
 				<td>
-					<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
+					<textarea style="width:350px;height: 150px;" placeholder="<?php echo $l->t("Description of the Event");?>" name="description"><?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
 				</td>
 			</tr>
 		</table>
diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php
index b966100cc113c6a8e25eac85fbece983d5b8f1e2..70ff9612157f41757e9966b3cf9d5ebdaa8732e3 100644
--- a/apps/calendar/templates/part.import.php
+++ b/apps/calendar/templates/part.import.php
@@ -9,7 +9,7 @@
 $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
 $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
 for($i = 0;$i<count($calendar_options);$i++){
-	$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
+	$calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname'];
 }
 echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
 ?>
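Review bot: The loop body is now a self-assignment, `$calendar_options[$i]['displayname'] = $calendar_options[$i]['displayname'];`, so it does nothing and the display names reach `OCP\html_select_options()` as stored. These values come from `OC_Calendar_Calendar::allCalendars()` inside the template, not through `assign()`, so the new default sanitising never sees them. Either keep the escaping here as `htmlspecialchars($calendar_options[$i]['displayname'], ENT_QUOTES, 'UTF-8')`, or confirm that `html_select_options()` escapes labels itself and delete the loop.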
diff --git a/apps/calendar/templates/part.showevent.php b/apps/calendar/templates/part.showevent.php
index 3646baf5bb775048028d4b938da73f48dcd88935..a5bbfd5b8f532858289ee3c0d1b421c3f59f4b64 100644
--- a/apps/calendar/templates/part.showevent.php
+++ b/apps/calendar/templates/part.showevent.php
@@ -10,7 +10,7 @@
 		<tr>
 			<th width="75px"><?php echo $l->t("Title");?>:</th>
 			<td>
-				<?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?>
+				<?php echo isset($_['title']) ? $_['title'] : '' ?>
 			</td>
 		</tr>
 	</table>
@@ -79,7 +79,7 @@
 			<tr>
 				<th width="85px"><?php echo $l->t("Location");?>:</th>
 				<td>
-					<?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?>
+					<?php echo isset($_['location']) ? $_['location'] : '' ?>
 				</td>
 			</tr>
 		</table>
@@ -87,7 +87,7 @@
 			<tr>
 				<th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th>
 				<td>
-					<?php echo isset($_['description']) ? htmlspecialchars($_['description']) : '' ?></textarea>
+					<?php echo isset($_['description']) ? $_['description'] : '' ?></textarea>
 			</tr>
 		</table>
 	</div>
diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php
index 57517505405fdd63c640d293feb312d41d58dd9d..00a61f72fdd9ce578db6146e9db3e8d58cc4b794 100644
--- a/apps/contacts/templates/part.contacts.php
+++ b/apps/contacts/templates/part.contacts.php
@@ -8,5 +8,5 @@
 		}
 	}
 ?>
-	<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
+	<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
 <?php endforeach; ?>
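Review bot: `$display` is a local variable built earlier in this template, outside the hunk, so removing `htmlspecialchars()` is only safe if every field it is derived from was already escaped when the contact list was assigned. That assignment is not in this diff. If the list is assigned with `false`, or the name is read from the vCard inside the template, restore `<?php echo htmlspecialchars($display, ENT_QUOTES, 'UTF-8'); ?>`.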
diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index ceb8d158580a45255f5b5cb9d4db899a13cf7d31..f0600a179d00791f52acacc372446e7ee8451ac1 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -38,7 +38,7 @@ foreach( OC_Files::getdirectorycontent( $dir ) as $i ){
 }
 
 $list = new OCP\Template( "files", "part.list", "" );
-$list->assign( "files", $files );
+$list->assign( "files", $files, false );
 $data = array('files' => $list->fetchPage());
 
 OCP\JSON::success(array('data' => $data));
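Review bot: `$files` holds directory entries with user-chosen names, and assigning it with `false` means the `part.list` template must escape every name itself; that template is not touched by this commit. apps/files/index.php does the same for `files` and `breadcrumb`, while still assigning a second copy of `files` to `$tmpl` with the default, so the two copies are encoded differently. settings/apps.php opts out for `apps` in the same way. A short comment at each opt-out, for example `// part.list escapes names on output`, would make these calls auditable.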
diff --git a/apps/files/index.php b/apps/files/index.php
index 60a3836cb591d3d66ef3a14ad9301f544373b76f..ed36c5edab04276ddf24d603d1ef8b9d739372ca 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -73,12 +73,12 @@ foreach( explode( '/', $dir ) as $i ){
 
 // make breadcrumb und filelist markup
 $list = new OCP\Template( 'files', 'part.list', '' );
-$list->assign( 'files', $files );
-$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
-$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=');
+$list->assign( 'files', $files, false );
+$list->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
+$list->assign( 'downloadURL', OCP\Util::linkTo('files', 'download.php').'?file=', false);
 $breadcrumbNav = new OCP\Template( 'files', 'part.breadcrumb', '' );
-$breadcrumbNav->assign( 'breadcrumb', $breadcrumb );
-$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=');
+$breadcrumbNav->assign( 'breadcrumb', $breadcrumb, false );
+$breadcrumbNav->assign( 'baseURL', OCP\Util::linkTo('files', 'index.php').'&dir=', false);
 
 $upload_max_filesize = OCP\Util::computerFileSize(ini_get('upload_max_filesize'));
 $post_max_size = OCP\Util::computerFileSize(ini_get('post_max_size'));
@@ -89,8 +89,8 @@ $freeSpace=max($freeSpace,0);
 $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
 
 $tmpl = new OCP\Template( 'files', 'index', 'user' );
-$tmpl->assign( 'fileList', $list->fetchPage() );
-$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage() );
+$tmpl->assign( 'fileList', $list->fetchPage(), false );
+$tmpl->assign( 'breadcrumb', $breadcrumbNav->fetchPage(), false );
 $tmpl->assign( 'dir', $dir);
 $tmpl->assign( 'readonly', !OC_Filesystem::is_writable($dir.'/'));
 $tmpl->assign( 'files', $files );
diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php
index 3bd5a1ceef4e3bce730ec0bf67c36b4c40822ca1..44000171a17d71ef5cc9744b72319a41d877f42d 100644
--- a/apps/files/templates/index.php
+++ b/apps/files/templates/index.php
@@ -15,7 +15,7 @@
 				<form data-upload-id='1' class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1">
 					<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload">
 					<input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)">
-					<input type="hidden" name="dir" value="<?php echo htmlentities($_['dir'],ENT_COMPAT,'utf-8') ?>" id="dir">
+					<input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir">
 					<button class="file_upload_filename">&nbsp;<img class='svg action' alt="Upload" src="<?php echo OCP\image_path("core", "actions/upload-white.svg"); ?>" /></button>
 					<input class="file_upload_start" type="file" name='files[]'/>
 						<a href="#" class="file_upload_button_wrapper" onclick="return false;" title="<?php echo $l->t('Upload'); echo  ' max. '.$_['uploadMaxHumanFilesize'] ?>"></a>
diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php
index a995ee34194b13e80a69e771460080d1fca1c5c3..6c37df8001eb93004d57c5234168cee8aa9d2d06 100644
--- a/apps/files_external/templates/settings.php
+++ b/apps/files_external/templates/settings.php
@@ -16,7 +16,7 @@
 			<?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
 			<?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
 				<tr <?php if ($mountPoint == '') echo 'id="addMountPoint"'; ?>>
-					<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo htmlentities($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
+					<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
 					<?php if ($mountPoint == ''): ?>
 						<td class="backend">
 							<select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>
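Review bot: `$mountPoint` is the array key of `$_['mounts']`, and the sanitising added to `OC_Template::assign()` relies on `array_walk_recursive()`, which rewrites values but never keys. Even if `mounts` is assigned with the default third argument, the mount point therefore reaches the `value` attribute unescaped. Keep the escaping in the template: `<?php echo htmlspecialchars($mountPoint, ENT_QUOTES, 'UTF-8'); ?>`.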
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 5837c752ef66bd9de338d77ab6ea059d653083da..e43c99bb76a0cee7bd879d4c9e6d22f9deb19135 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
 	}
 
 	public function get() {
-		$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
+		$r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
 		for ($i = 0; $i < count($this->tiles_array); $i++) {
 			$top = rand(-5, 5);
 			$left = rand(-5, 5);
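Review bot: `TileStack::get()` builds markup inside a library class, so `$this->stack_name` does not pass through `OC_Template::assign()` in the visible code, and dropping `htmlentities()` leaves it unescaped unless the caller escapes the name before constructing the stack. In the second hunk, `getOnClickAction()` places the same value in a JavaScript string inside a `javascript:` URL, which needs JavaScript-string encoding (for example `json_encode($this->stack_name)`) plus attribute escaping where the result is printed. If the returned HTML is later assigned to a template with `false`, nothing escapes the name at all, so please confirm where it is escaped or keep the calls. The body of `get()` continues past the end of the hunk.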
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
 	}
 	
 	public function getOnClickAction() {
-		return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
+		return 'javascript:openNewGal(\''.$this->stack_name.'\');';
 	}
 
 	private $tiles_array;
diff --git a/apps/tasks/templates/part.taskform.php b/apps/tasks/templates/part.taskform.php
index c00560903b016a769b98665ecf74cec055f97b1c..0a25ed33c91709754f30731d3887a0ab7b1703d5 100644
--- a/apps/tasks/templates/part.taskform.php
+++ b/apps/tasks/templates/part.taskform.php
@@ -5,7 +5,7 @@
 	<input type="text" id="location" name="location" placeholder="<?php echo $l->t('Location of the task');?>" value="<?php echo isset($_['details']->LOCATION) ? $_['details']->LOCATION[0]->value : '' ?>">
 	<br>
 	<label for="categories"><?php echo $l->t('Categories'); ?></label>
-	<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? htmlspecialchars($_['categories']) : '' ?>">
+	<input id="categories" name="categories" type="text" placeholder="<?php echo $l->t('Separate categories with commas'); ?>" value="<?php echo isset($_['categories']) ? $_['categories'] : '' ?>">
 	<a class="action edit" onclick="$(this).tipsy('hide');OCCategories.edit();" title="<?php echo $l->t('Edit categories'); ?>"><img alt="<?php echo $l->t('Edit categories'); ?>" src="<?php echo OCP\image_path('core','actions/rename.svg')?>" class="svg action" style="width: 16px; height: 16px;"></a>
 	<br>
 	<label for="due"><?php echo $l->t('Due'); ?></label>
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 0c29e70b5ab2f6dd5afc69e6640ce8e05dd6a4c5..42084855e85db7d9242b109acdacd889fe9f3607 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -47,7 +47,7 @@ if ($_POST) {
 // fill template
 $tmpl = new OCP\Template( 'user_ldap', 'settings');
 foreach($params as $param){
-		$value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
+		$value = OCP\Config::getAppValue('user_ldap', $param,'');
 		$tmpl->assign($param, $value);
 }
 
diff --git a/apps/user_openid/settings.php b/apps/user_openid/settings.php
index 062322f6fe49c0a95ecbd0c1bd5dc044fa78f758..921fa371dde88b4b71cfbb4eccbf6bf588d4e366 100644
--- a/apps/user_openid/settings.php
+++ b/apps/user_openid/settings.php
@@ -2,7 +2,7 @@
 
 $tmpl = new OCP\Template( 'user_openid', 'settings');
 $identity=OCP\Config::getUserValue(OCP\USER::getUser(),'user_openid','identity','');
-$tmpl->assign('identity',htmlentities($identity));
+$tmpl->assign('identity',$identity);
 
 OCP\Util::addscript('user_openid','settings');
 
diff --git a/core/templates/404.php b/core/templates/404.php
index cd4f2b40bb2e0e21a5397a25f691fe4d420d28e0..13a81010343449ec60658b55083529e582b35eb5 100644
--- a/core/templates/404.php
+++ b/core/templates/404.php
@@ -10,6 +10,6 @@ if(!isset($_)){//also provide standalone error page
 <ul>
 	<li class='error'>
 		<?php echo $l->t( 'Cloud not found' ); ?><br/>
-		<p class='hint'><?php if(isset($_['file'])) echo htmlentities($_['file'])?></p>
+		<p class='hint'><?php if(isset($_['file'])) echo $_['file']?></p>
 	</li>
 </ul>
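Review bot: `$_['file']` is now printed as assigned, and this commit also makes `printGuestPage()`, `printUserPage()` and `printAdminPage()` in lib/template.php pass `false` for every parameter. If this template is rendered through one of those helpers (not visible here), the value reaches the page with no escaping. The same applies to `$_['redirect']` in core/templates/login.php, which lands in the `value` attribute of the hidden `redirect_url` field. Since both values can originate from the request, keep an explicit `htmlspecialchars($_['file'], ENT_QUOTES, 'UTF-8')` (and likewise for `redirect`) until the call path is confirmed to use the sanitising default.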
diff --git a/core/templates/login.php b/core/templates/login.php
index 41d6ba41ef8e0df52d9d04e7f67ca3e557664a98..a40bf5c330a8da2a3cc0655b87f29c21f74b5b03 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,7 +1,7 @@
 <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
 <form action="index.php" method="post">
 	<fieldset>
-		<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.htmlentities($_['redirect']).'" />'; } ?>
+		<?php if(!empty($_['redirect'])) { echo '<input type="hidden" name="redirect_url" value="'.$_['redirect'].'" />'; } ?>
 		<?php if($_['error']): ?>
 			<a href="./core/lostpassword/"><?php echo $l->t('Lost your password?'); ?></a>
 		<?php endif; ?>
diff --git a/lib/template.php b/lib/template.php
index 9ce041a71c3d5e61742cc8136ddca6871d9905e4..a3700e133e79786ecab01400d1ed432488b90350 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -262,6 +262,7 @@ class OC_Template{
 	 * @brief Assign variables
 	 * @param $key key
 	 * @param $value value
+	 * @param $sanitizeHTML false, if data shouldn't get passed through htmlentities
 	 * @returns true
 	 *
 	 * This function assigns a variable. It can be accessed via $_[$key] in
@@ -269,11 +270,29 @@ class OC_Template{
 	 *
 	 * If the key existed before, it will be overwritten
 	 */
-	public function assign( $key, $value ){
+		public function assign( $key, $value, $sanitizeHTML=true ){
+		if($sanitizeHTML == true) {
+			if(is_array($value)) {
+				array_walk_recursive($value,'OC_Template::sanitizeHTML');
+			} else {
+				$value = OC_Template::sanitizeHTML($value);
+			}
+		}
 		$this->vars[$key] = $value;
 		return true;
 	}
 
+
+	/**
+	 * @brief Internaly used to sanitze HTML
+	 *
+	 * This function is internally used to sanitize HTML.
+	 */
+ 	private static function sanitizeHTML( &$value ){
+ 			$value = htmlentities( $value );
+ 			return $value;
+    }
+
 	/**
 	 * @brief Appends a variable
 	 * @param $key key
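Review bot: `sanitizeHTML()` calls `htmlentities( $value )` with default flags and charset, whereas the call this commit removes from apps/files/templates/index.php passed `ENT_COMPAT,'utf-8'` explicitly. Depending on the PHP version, the defaults can leave single quotes unencoded and treat input as a non-UTF-8 charset, so spell them out: `$value = htmlentities( $value, ENT_QUOTES, 'UTF-8' );`. The method is also applied to every non-array value, so booleans and integers assigned with the default come back as strings; an `is_string($value)` guard in `sanitizeHTML()` would keep types intact. The docblock could also say that array keys are not sanitised, and its typos ("Internaly", "sanitze") are worth fixing. `assign()` ends inside this hunk but its docblock begins in the previous one.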
@@ -357,21 +376,21 @@ class OC_Template{
 			// Decide which page we show
 			if( $this->renderas == "user" ){
 				$page = new OC_Template( "core", "layout.user" );
-				$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
+				$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ), false);
 				$page->assign('requesttoken', $this->vars['requesttoken']);
 				if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
-					$page->assign('bodyid','body-settings');
+					$page->assign('bodyid','body-settings', false);
 				}else{
-					$page->assign('bodyid','body-user');
+					$page->assign('bodyid','body-user', false);
 				}
 
 				// Add navigation entry
 				$navigation = OC_App::getNavigation();
-				$page->assign( "navigation", $navigation);
-				$page->assign( "settingsnavigation", OC_App::getSettingsNavigation());
+				$page->assign( "navigation", $navigation, false);
+				$page->assign( "settingsnavigation", OC_App::getSettingsNavigation(), false);
 				foreach($navigation as $entry) {
 					if ($entry['active']) {
-						$page->assign( 'application', $entry['name'] );
+						$page->assign( 'application', $entry['name'], false );
 						break;
 					}
 				}
@@ -385,7 +404,7 @@ class OC_Template{
 			// Read the detected formfactor and use the right file name.
 			$fext = self::getFormFactorExtension();
 
-			$page->assign('jsfiles', array());
+			$page->assign('jsfiles', array(), false);
 			// Add the core js files or the js files provided by the selected theme
 			foreach(OC_Util::$scripts as $script){
 				// Is it in 3rd party?
@@ -460,13 +479,13 @@ class OC_Template{
 			}
 
 			// Add custom headers
-			$page->assign('headers',$this->headers);
+			$page->assign('headers',$this->headers, false);
 			foreach(OC_Util::$headers as $header){
 				$page->append('headers',$header);
 			}
 
 			// Add css files and js files
-			$page->assign( "content", $data );
+			$page->assign( "content", $data, false );
 			return $page->fetchPage();
 		}
 		else{
@@ -511,13 +530,13 @@ class OC_Template{
 			$_ = array_merge( $additionalparams, $this->vars );
 		}
 
-		// Einbinden
+		// Include
 		ob_start();
 		include( $this->path.$file.'.php' );
 		$data = ob_get_contents();
 		@ob_end_clean();
 
-		// Daten zurückgeben
+		// Return data
 		return $data;
 	}
 
@@ -531,7 +550,7 @@ class OC_Template{
 	public static function printUserPage( $application, $name, $parameters = array() ){
 		$content = new OC_Template( $application, $name, "user" );
 		foreach( $parameters as $key => $value ){
-			$content->assign( $key, $value );
+			$content->assign( $key, $value, false );
 		}
 		print $content->printPage();
 	}
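Review bot: `printUserPage()` now forwards every caller-supplied parameter with `false`, and `printAdminPage()` and `printGuestPage()` do the same in the next two hunks. Every page rendered through these helpers therefore skips the new default escaping, while the templates in this commit are losing their own `htmlentities()` calls. If some callers rely on passing prepared HTML, those cases should be explicit; otherwise use `$content->assign( $key, $value );` here. The helper docblocks, which sit outside the hunks, should then name which parameters are expected to be markup.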
@@ -546,7 +565,7 @@ class OC_Template{
 	public static function printAdminPage( $application, $name, $parameters = array() ){
 		$content = new OC_Template( $application, $name, "admin" );
 		foreach( $parameters as $key => $value ){
-			$content->assign( $key, $value );
+			$content->assign( $key, $value, false );
 		}
 		return $content->printPage();
 	}
@@ -561,7 +580,7 @@ class OC_Template{
 	public static function printGuestPage( $application, $name, $parameters = array() ){
 		$content = new OC_Template( $application, $name, "guest" );
 		foreach( $parameters as $key => $value ){
-			$content->assign( $key, $value );
+			$content->assign( $key, $value,false );
 		}
 		return $content->printPage();
 	}
diff --git a/settings/admin.php b/settings/admin.php
index a997bad4e3c8553987a73f0ec87ea4194d057dc5..4cbd67c36785645747f92cb4f7d59fcac30fb3bf 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -23,7 +23,7 @@ function compareEntries($a,$b){
 usort($entries, 'compareEntries');
 
 $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries);
+$tmpl->assign('entries',$entries,false);
 $tmpl->assign('forms',array());
 foreach($forms as $form){
 	$tmpl->append('forms',$form);
diff --git a/settings/apps.php b/settings/apps.php
index 7908e6cc18b50e36e150b3ef5fd2b5bc8f18aa38..f85b28158f584352c6edcf23f99b43186f185d10 100644
--- a/settings/apps.php
+++ b/settings/apps.php
@@ -92,7 +92,7 @@ usort($apps, 'app_sort');
 
 
 $tmpl = new OC_Template( "settings", "apps", "user" );
-$tmpl->assign('apps',$apps);
+$tmpl->assign('apps',$apps, false);
 
 $tmpl->printPage();
 
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d167f2780ef310e335cf0c45b2e584f728249cc4..38c6042c82ae68fa5022b0c6d75d3a4a452a7241 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -29,7 +29,7 @@ $levels=array('Debug','Info','Warning','Error','Fatal');
 				<?php echo $entry->app;?>
 			</td>
 			<td>
-				<?php echo htmlentities($entry->message);?>
+				<?php echo $entry->message;?>
 			</td>
 			<td>
 				<?php echo OC_Util::formatDate($entry->time);?>
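Review bot: `$entry->message` ends up with no escaping at all after this commit, because settings/admin.php assigns `entries` with `false` and this hunk removes the template-side `htmlentities()`. Log messages can contain text that originated from requests, so this cell should keep its own encoding: `<?php echo htmlspecialchars($entry->message, ENT_QUOTES, 'UTF-8');?>`. `$entry->app` in the cell above was already printed raw and deserves the same treatment.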
diff --git a/settings/templates/help.php b/settings/templates/help.php
index cf61207e6015bf3ac3978570627104b60b3841df..a53ec76d681a28fb805cb0987728873e4c9e404f 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -26,9 +26,9 @@
 	<?php foreach($_["kbe"] as $kb): ?>
 	<div class="helpblock">
 		<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
-		<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
-		<p><?php echo htmlentities($kb['description']);?></p>
-		<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
+		<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
+		<p><?php echo $kb['description'];?></p>
+		<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
 	</div>
 	<?php endforeach;
 endif?>
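Review bot: `$kb["name"]`, `$kb['description']` and `$kb['answer']` are now printed as assigned, so this is only safe if `kbe` is assigned with the default third argument; that call is not in this diff. If the knowledge-base entries are fetched from outside the instance (not confirmed from the visible lines), they should be treated as untrusted and escaped here regardless. `$kb['detailpage']` and `$kb["preview1"]` go into `href` and `src` attributes and were unescaped before this change as well. Entity-encoding alone does not restrict the URL scheme there, so a scheme check belongs with them.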