diff --git a/admin-dev/themes/default/template/layout.tpl b/admin-dev/themes/default/template/layout.tpl index 20ce8ad9e..d4607ae5a 100644 --- a/admin-dev/themes/default/template/layout.tpl +++ b/admin-dev/themes/default/template/layout.tpl @@ -26,7 +26,7 @@ {include file='header.tpl'} {if isset($conf)}
- {$conf|html_entity_decode:$smarty.const.ENT_QUOTES:'UTF-8'|escape:'htmlall':'UTF-8'}
+ {$conf}
{/if} {if count($errors) && (!isset($disableDefaultErrorOutPut) || $disableDefaultErrorOutPut == false)} @@ -42,7 +42,7 @@
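Review bot: Dropping the `escape:'htmlall'` filter on `{$conf}` turns a template-enforced escape into a caller contract, and nothing in this diff shows where `$conf` is assigned or that it is passed through `Tools::safeOutput` there. The removed chain (`html_entity_decode` then `escape`) already escaped idempotently, so it only needs to go if confirmations are meant to carry markup; if that is the intent, state it in the template so later controllers do not append user input to it, e.g. `{* $conf is rendered unescaped: producers must pass it through Tools::safeOutput *}`. The surrounding layout continues outside the hunk.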
    {foreach $errors as $error} -
  1. {$error|html_entity_decode:$smarty.const.ENT_QUOTES:'UTF-8'|escape:'htmlall':'UTF-8'}
  2. +
  3. {$error}
  4. {/foreach}
{/if} @@ -52,7 +52,7 @@ {if isset($informations) && count($informations) && $informations}
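Review bot: `{$error}` is now emitted without escaping, yet the only producer adjusted in this diff is `validateRules` in AdminController, and there only the field name is wrapped in `Tools::safeOutput`; every other writer to `$this->errors[]` across the admin controllers (not visible here) must now escape for itself. One overlooked `$this->errors[] = sprintf(..., Tools::getValue(...))` becomes a reflected XSS in the back office, and the old `html_entity_decode|escape:'htmlall'` chain was already safe against double-encoding, so it only had to go if messages must carry HTML. If that is the goal, document the contract at the loop so the change is auditable: `{* errors are trusted HTML: escape user-derived text at the producer with Tools::safeOutput *}`.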
 {foreach $informations as $info}
- {$info|html_entity_decode:$smarty.const.ENT_QUOTES:'UTF-8'|escape:'htmlall':'UTF-8'}
+ {$info}
{/foreach}

{/if} @@ -60,7 +60,7 @@ {if isset($confirmations) && count($confirmations) && $confirmations}
 {foreach $confirmations as $conf}
- {$conf|html_entity_decode:$smarty.const.ENT_QUOTES:'UTF-8'|escape:'htmlall':'UTF-8'}
+ {$conf}
{/foreach}

{/if} @@ -78,13 +78,13 @@ {else} {/if} diff --git a/classes/controller/AdminController.php b/classes/controller/AdminController.php index 9ec2fed30..9c961e3ea 100644 --- a/classes/controller/AdminController.php +++ b/classes/controller/AdminController.php @@ -608,7 +608,6 @@ class AdminControllerCore extends Controller { /* Checking fields validity */ $this->validateRules(); - if (count($this->errors) <= 0) { $object = new $this->className(); @@ -2196,7 +2195,7 @@ class AdminControllerCore extends Controller if (!Tools::getValue($this->identifier) || ($field != 'passwd' && $field != 'no-picture')) $this->errors[] = sprintf( Tools::displayError('The field %s is required.'), - call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)) ); /* Checking for multilingual required fields */ @@ -2204,7 +2203,7 @@ class AdminControllerCore extends Controller if (($empty = Tools::getValue($field_lang.'_'.$default_language->id)) === false || $empty !== '0' && empty($empty)) $this->errors[] = sprintf( Tools::displayError('The field %1$s is required at least in %2$s.'), - call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name), + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)), $default_language->name ); @@ -2213,7 +2212,7 @@ class AdminControllerCore extends Controller if (Tools::getValue($field) !== false && Tools::strlen(Tools::getValue($field)) > $max_length) $this->errors[] = sprintf( Tools::displayError('The field %1$s is too long (%2$d chars max).'), - call_user_func(array($class_name, 'displayFieldName'), $field, $class_name), + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)), $max_length ); 
@@ -2225,7 +2224,7 @@ class AdminControllerCore extends Controller if ($field_lang !== false && Tools::strlen($field_lang) > $max_length) $this->errors[] = sprintf( Tools::displayError('The field %1$s (%2$s) is too long (%3$d chars max, html chars including).'), - call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name), + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)), $language['name'], $max_length ); @@ -2239,7 +2238,7 @@ class AdminControllerCore extends Controller if (!Validate::$function($value) && !empty($value)) $this->errors[] = sprintf( Tools::displayError('The field %s is invalid.'), - call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field, $class_name)) ); /* Checking for passwd_old validity */ @@ -2248,12 +2247,12 @@ class AdminControllerCore extends Controller if ($class_name == 'Employee' && !Validate::isPasswdAdmin($value)) $this->errors[] = sprintf( Tools::displayError('The field %s is invalid.'), - call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name)) ); elseif ($class_name == 'Customer' && !Validate::isPasswd($value)) $this->errors[] = sprintf( Tools::displayError('The field %s is invalid.'), - call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name)) ); } 
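Review bot: Same gap in the `@@ -2225` hunk: `$language['name']` is the `%2$s` argument of the message and is not wrapped, although `Tools::safeOutput` was added to the field name next to it and the template no longer escapes `$errors`. `$max_length` goes through `%3$d` and is safe; the language name is not. Use `Tools::safeOutput($language['name'])` here, and the identical line in the `@@ -2264` hunk needs the same change. The enclosing method starts and ends outside the hunk.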
@@ -2264,7 +2263,7 @@ class AdminControllerCore extends Controller if (!Validate::$function($value)) $this->errors[] = sprintf( Tools::displayError('The field %1$s (%2$s) is invalid.'), - call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name), + Tools::safeOutput(call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name)), $language['name'] ); } diff --git a/controllers/admin/AdminMetaController.php b/controllers/admin/AdminMetaController.php index 0378cd94d..38dc6efb9 100644 --- a/controllers/admin/AdminMetaController.php +++ b/controllers/admin/AdminMetaController.php @@ -498,8 +498,13 @@ class AdminMetaControllerCore extends AdminController { if (!Shop::isFeatureActive() && $this->url && $this->url->domain != $value) { - $this->url->domain = $value; - $this->url->update(); + if (Validate::isCleanHtml($value)) + { + $this->url->domain = $value; + $this->url->update(); + } + else + $this->errors[] = Tools::displayError('Domain is not valid'); } } @@ -510,8 +515,13 @@ class AdminMetaControllerCore extends AdminController { if (!Shop::isFeatureActive() && $this->url && $this->url->domain_ssl != $value) { - $this->url->domain_ssl = $value; - $this->url->update(); + if (Validate::isCleanHtml($value)) + { + $this->url->domain_ssl = $value; + $this->url->update(); + } + else + $this->errors[] = Tools::displayError('SSL Domain is not valid'); } } diff --git a/controllers/admin/AdminProductsController.php b/controllers/admin/AdminProductsController.php index 3bf373b6b..18a2ae4c7 100644 --- a/controllers/admin/AdminProductsController.php +++ b/controllers/admin/AdminProductsController.php @@ -135,7 +135,7 @@ class AdminProductsControllerCore extends AdminController 'title' => $this->l('Displayed'), 'width' => 70, 'active' => 'status', - 'filter_key' => 'a!active', + 'filter_key' => 'sa!active', 'align' => 'center', 'type' => 'bool', 'orderby' => false
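Review bot: In the AdminMetaController `@@ -498` hunk the new guard on `$this->url->domain` is `Validate::isCleanHtml`, which, judging by its name, rejects HTML/script fragments rather than checking that the value is a hostname, so a string that is not a domain at all is still stored while the error text claims "Domain is not valid". Since this value becomes the shop's configured domain, a syntactic hostname check before the cleanliness filter is the check a reader of that message expects, e.g. `if (Validate::isCleanHtml($value) && preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d+)?$/i', $value))`; the `@@ -510` hunk for `domain_ssl` needs the same. If `Validate` already offers a hostname validator, prefer it over an inline pattern. The enclosing methods start outside the hunk.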