diff --git a/app/views/assignments/_form.html.erb b/app/views/assignments/_form.html.erb
index 0998a243be..b94fa0bc7d 100644
--- a/app/views/assignments/_form.html.erb
+++ b/app/views/assignments/_form.html.erb
@@ -18,7 +18,7 @@
   </div>
   <div id="description" class="field form-group">
     <h6><%= form.label :description %></h6>
-    <%= render :partial => 'editor/index', :locals => {:content => @assignment.description} %>
+    <%= render :partial => 'editor/index', :locals => {:content => (sanitize @assignment.description)} %>
   </div>
   <div id="deadline-field" class="field form-group projects-tag-form-group">
     <h6><label for="assignment_deadline">Deadline</label></h6> (<span id='remaining-time'><b>(something went wrong when loading script)</b></span>)
diff --git a/app/views/assignments/show.html.erb b/app/views/assignments/show.html.erb
index 4003c1cf0a..87990a0f4e 100644
--- a/app/views/assignments/show.html.erb
+++ b/app/views/assignments/show.html.erb
@@ -32,7 +32,7 @@
           <% if @assignment.description %>
             <p><strong>Description: </strong></p>
             <div class="assignments-description">
-              <%= @assignment.description&.html_safe %>
+              <%= sanitize @assignment.description&.html_safe %>
             </div>
           <% end %>
           <% if @assignment.restricted_circuit_elements != "None" %>
diff --git a/app/views/projects/_form.html.erb b/app/views/projects/_form.html.erb
index 4d9ee4d8e6..17bda760d0 100644
--- a/app/views/projects/_form.html.erb
+++ b/app/views/projects/_form.html.erb
@@ -39,7 +39,7 @@
   </div>
   <div class="field form-group" id="description">
     <h6><%= form.label :description %></h6>
-    <%= render :partial => 'editor/index', :locals => {:content => @project.description} %>
+    <%= render :partial => 'editor/index', :locals => {:content => (sanitize @project.description)} %>
   </div>
   <div class="field form-group" onclick="beforeSubmit()">
     <%= form.submit class: 'btn primary-button' %> &nbsp;