diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php index c6b1ca722..9d1c771be 100644 --- a/addons/userrights/userrightsprofile.class.inc.php +++ b/addons/userrights/userrightsprofile.class.inc.php @@ -124,7 +124,7 @@ class URP_Profiles extends UserRightsBaseClassGUI $bGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode); if ($bGrant === true) { - $aStimuli[] = ''.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').''; + $aStimuli[] = ''.utils::EscapeHtml($oStimulus->GetLabel()).''; } } $sStimuli = implode(', ', $aStimuli); diff --git a/addons/userrights/userrightsprofile.db.class.inc.php b/addons/userrights/userrightsprofile.db.class.inc.php index 44b40ab30..10fc826d9 100644 --- a/addons/userrights/userrightsprofile.db.class.inc.php +++ b/addons/userrights/userrightsprofile.db.class.inc.php @@ -278,8 +278,8 @@ class URP_Profiles extends UserRightsBaseClassGUI { $oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode); if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes')) - { - $aStimuli[] = ''.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').''; + { + $aStimuli[] = ''.utils::EscapeHtml($oStimulus->GetLabel()).''; } } $sStimuli = implode(', ', $aStimuli); diff --git a/addons/userrights/userrightsprojection.class.inc.php b/addons/userrights/userrightsprojection.class.inc.php index 6aa5eefc0..84f239c52 100644 --- a/addons/userrights/userrightsprojection.class.inc.php +++ b/addons/userrights/userrightsprojection.class.inc.php 
@@ -110,8 +110,8 @@ class URP_Profiles extends UserRightsBaseClass { $oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode); if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes')) - { - $aStimuli[] = ''.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').''; + { + $aStimuli[] = ''.utils::EscapeHtml($oStimulus->GetLabel()).''; } } $sStimuli = implode(', ', $aStimuli); diff --git a/application/applicationcontext.class.inc.php b/application/applicationcontext.class.inc.php index 1361f92d3..903fa2cee 100644 --- a/application/applicationcontext.class.inc.php +++ b/application/applicationcontext.class.inc.php @@ -224,7 +224,7 @@ class ApplicationContext { $sContext = ""; foreach ($this->aValues as $sName => $sValue) { - $sContext .= "\n"; + $sContext .= "\n"; } return $sContext; } @@ -238,7 +238,7 @@ class ApplicationContext { $aContextInputBlocks = []; foreach ($this->aValues as $sName => $sValue) { - $aContextInputBlocks[] = InputUIBlockFactory::MakeForHidden("c[$sName]", htmlentities($sValue, ENT_QUOTES, 'UTF-8')); + $aContextInputBlocks[] = InputUIBlockFactory::MakeForHidden("c[$sName]", utils::EscapeHtml($sValue)); } return $aContextInputBlocks; } diff --git a/application/cmdbabstract.class.inc.php b/application/cmdbabstract.class.inc.php index efc31737b..8aa96b247 100644 --- a/application/cmdbabstract.class.inc.php +++ b/application/cmdbabstract.class.inc.php @@ -987,10 +987,8 @@ HTML $this->GetSynchroReplicaFlags($sAttCode, $aReasons); $sTip = ''; foreach ($aReasons as $aRow) { - $sDescription = htmlentities($aRow['description'], ENT_QUOTES, - 'UTF-8'); - $sDescription = str_replace(array("\r\n", "\n"), "
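Review bot: `InputUIBlockFactory::MakeForHidden("c[$sName]", utils::EscapeHtml($sValue))` in the `@@ -238` hunk hands an already HTML-escaped string to a UI-block factory; if the block escapes attribute values itself when rendering, the output is double-encoded (`&amp;` becomes `&amp;amp;`), and if it does not, `$sName` inside `"c[$sName]"` still reaches the page raw. The factory is not visible from this diff, so this is inferred from the call shape; worth confirming which side owns escaping and doing it in exactly one place. The same pattern appears in the core/csvbulkexport.class.inc.php hunks at `@@ -134` and `@@ -160` with `MakeForInputWithLabel(..., utils::EscapeHtml($sVal), ...)`.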
", - $sDescription); + $sDescription = utils::EscapeHtml($aRow['description']); + $sDescription = str_replace(array("\r\n", "\n"), "
", $sDescription); $sTip .= "
"; $sTip .= "
Synchronized with {$aRow['name']}
"; $sTip .= "
$sDescription
"; @@ -1403,7 +1401,7 @@ HTML } else { if ($oAttDef instanceof AttributeCaseLog) { $rawValue = $oObj->Get($sAttCodeEx); - $outputValue = str_replace("\n", "
", htmlentities($rawValue->__toString(), ENT_QUOTES, 'UTF-8')); + $outputValue = str_replace("\n", "
", utils::EscapeHtml($rawValue->__toString())); // Trick for Excel: treat the content as text even if it begins with an equal sign $aRow[$oAttDef->GetCode()] = $outputValue; } else { @@ -1417,9 +1415,9 @@ HTML } } if ($bLocalize) { - $outputValue = htmlentities($oFinalAttDef->GetEditValue($rawValue), ENT_QUOTES, 'UTF-8'); + $outputValue = utils::EscapeHtml($oFinalAttDef->GetEditValue($rawValue)); } else { - $outputValue = htmlentities($rawValue, ENT_QUOTES, 'UTF-8'); + $outputValue = utils::EscapeHtml($rawValue); } $aRow[$oAttDef->GetCode()] = $outputValue; } @@ -1895,7 +1893,7 @@ HTML { $rawValue = $oObj->Get($sAttCodeEx); $outputValue = str_replace("\n", "
", - htmlentities($rawValue->__toString(), ENT_QUOTES, 'UTF-8')); + utils::EscapeHtml($rawValue->__toString())); // Trick for Excel: treat the content as text even if it begins with an equal sign $aRow[] = ''.$outputValue.''; } @@ -1912,14 +1910,11 @@ HTML $rawValue = ''; } } - if ($bLocalize) - { - $outputValue = htmlentities($oFinalAttDef->GetEditValue($rawValue), ENT_QUOTES, - 'UTF-8'); + if ($bLocalize) { + $outputValue = utils::EscapeHtml($oFinalAttDef->GetEditValue($rawValue)); } - else - { - $outputValue = htmlentities($rawValue, ENT_QUOTES, 'UTF-8'); + else { + $outputValue = utils::EscapeHtml($rawValue); } $aRow[] = ''.$outputValue.''; } @@ -2156,7 +2151,7 @@ HTML; $sHours = ""; $sMinutes = ""; $sSeconds = ""; - $sHidden = ""; + $sHidden = ""; $sHTMLValue = Dict::Format('UI:DurationForm_Days_Hours_Minutes_Seconds', $sDays, $sHours, $sMinutes, $sSeconds).$sHidden." ".$sValidationSpan.$sReloadSpan; $oPage->add_ready_script("$('#{$iId}').on('update', function(evt, sFormId) { return ToggleDurationField('$iId'); });"); break; @@ -2166,8 +2161,7 @@ HTML; $aEventsList[] = 'validate'; $aEventsList[] = 'keyup'; $aEventsList[] = 'change'; - $sHTMLValue = "
{$sValidationSpan}{$sReloadSpan}"; + $sHTMLValue = "
{$sValidationSpan}{$sReloadSpan}"; break; case 'OQLExpression': @@ -2319,13 +2313,13 @@ EOF $sHeader = '
'; // will be hidden in CSS (via :empty) if it remains empty $sEditValue = is_object($value) ? $value->GetModifiedEntry('html') : ''; - $sPreviousLog = is_object($value) ? $value->GetAsHTML($oPage, true /* bEditMode */, array('AttributeText', 'RenderWikiHtml')) : ''; + $sPreviousLog = is_object($value) ? $value->GetAsHTML($oPage, true /* bEditMode */, array('AttributeText', 'RenderWikiHtml')) : ''; $iEntriesCount = is_object($value) ? count($value->GetIndex()) : 0; $sHidden = ""; // To know how many entries the case log already contains $sHTMLValue = "$sHeader
"; - $sHTMLValue .= ""; - $sHTMLValue .= "$sPreviousLog
{$sValidationSpan}{$sReloadSpan}$sHidden"; + $sHTMLValue .= ""; + $sHTMLValue .= "$sPreviousLog
{$sValidationSpan}{$sReloadSpan}$sHidden"; // Note: This should be refactored for all types of attribute (see at the end of this function) but as we are doing this for a maintenance release, we are scheduling it for the next main release in to order to avoid regressions as much as possible. $sNullValue = $oAttDef->GetNullValue(); @@ -2570,16 +2564,16 @@ JS case 'Set': case 'TagSet': - $sInputType = self::ENUM_INPUT_TYPE_TAGSET; - $oPage->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/selectize.min.js'); - $oPage->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/selectize.default.css'); - $oPage->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/jquery.itop-set-widget.js'); + $sInputType = self::ENUM_INPUT_TYPE_TAGSET; + $oPage->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/selectize.min.js'); + $oPage->add_linked_stylesheet(utils::GetAbsoluteUrlAppRoot().'css/selectize.default.css'); + $oPage->add_linked_script(utils::GetAbsoluteUrlAppRoot().'js/jquery.itop-set-widget.js'); - $oPage->add_dict_entry('Core:AttributeSet:placeholder'); + $oPage->add_dict_entry('Core:AttributeSet:placeholder'); - /** @var \ormSet $value */ + /** @var \ormSet $value */ $sJson = $oAttDef->GetJsonForWidget($value, $aArgs); - $sEscapedJson = htmlentities($sJson, ENT_QUOTES, 'UTF-8'); + $sEscapedJson = utils::EscapeHtml($sJson); $sSetInputName = "attr_{$sFormPrefix}{$sAttCode}"; // handle form validation @@ -3692,8 +3686,7 @@ HTML; break; default: - $oPage->add("
".htmlentities(MyHelpers::beautifulstr($data, 1000, true), ENT_QUOTES,
-								'UTF-8')."
\n"); + $oPage->add("
".utils::EscapeHtml(MyHelpers::beautifulstr($data, 1000, true))."
\n"); } break; @@ -4734,9 +4727,8 @@ HTML; { $aReasons = array(); $sTip = ''; - foreach($aReasons as $aRow) - { - $sDescription = htmlentities($aRow['description'], ENT_QUOTES, 'UTF-8'); + foreach($aReasons as $aRow) { + $sDescription = utils::EscapeHtml($aRow['description']); $sDescription = str_replace(array("\r\n", "\n"), "
", $sDescription); $sTip .= "
"; $sTip .= "
Synchronized with {$aRow['name']}
"; @@ -4748,8 +4740,7 @@ HTML; // Attribute is read-only $sHTMLValue = $this->GetAsHTML($sAttCode); - $sHTMLValue .= ''; + $sHTMLValue .= ''; $aFieldsMap[$sAttCode] = $sInputId; } else diff --git a/application/forms.class.inc.php b/application/forms.class.inc.php index a2cee1598..3a720c39b 100644 --- a/application/forms.class.inc.php +++ b/application/forms.class.inc.php @@ -838,7 +838,8 @@ class DesignerFormField { $sId = $this->oForm->GetFieldId($this->sCode); $sName = $this->oForm->GetFieldName($this->sCode); - return array('label' => $this->sLabel, 'value' => "defaultValue, ENT_QUOTES, 'UTF-8')."\">"); + + return array('label' => $this->sLabel, 'value' => "defaultValue)."\">"); } /** @@ -1012,9 +1013,8 @@ class DesignerTextField extends DesignerFormField $sId = $this->oForm->GetFieldId($this->sCode); $sName = $this->oForm->GetFieldName($this->sCode); - if ($this->IsReadOnly()) - { - $sHtmlValue = "".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."defaultValue, ENT_QUOTES, 'UTF-8')."\"/>"; + if ($this->IsReadOnly()) { + $sHtmlValue = "".utils::EscapeHtml($this->defaultValue)."defaultValue)."\"/>"; } else { @@ -1038,11 +1038,10 @@ $('#$sId').on('change keyup validate', function() { ValidateWithPattern('$sId', EOF ); $sCSSClasses = ''; - if (count($this->aCSSClasses) > 0) - { + if (count($this->aCSSClasses) > 0) { $sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"'; } - $sHtmlValue = "defaultValue, ENT_QUOTES, 'UTF-8')."\">"; + $sHtmlValue = "defaultValue)."\">"; } return array('label' => $this->sLabel, 'value' => $sHtmlValue); } @@ -1101,10 +1100,9 @@ class DesignerLongTextField extends DesignerTextField { $sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"'; } - if (!$this->IsReadOnly()) - { + if (!$this->IsReadOnly()) { $oP->add_ready_script( -<<".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8').""; + $sValue = ""; } - else - { - $sValue = "
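Review bot: In the `@@ -4734` hunk `$aReasons = array();` is followed directly by `$sTip = '';` and `foreach($aReasons as $aRow)`, so the loop body — including the `utils::EscapeHtml($aRow['description'])` line this commit rewrites — can never run and `$sTip` always stays empty. The earlier `@@ -987` hunk does the same work right after `$this->GetSynchroReplicaFlags($sAttCode, $aReasons);`, which is presumably the call missing here; either add it before the loop or remove the dead block. The enclosing method starts and ends outside the hunk, so I cannot see how `$sTip` is consumed afterwards.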
".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."
"; + else { + $sValue = "
".utils::EscapeHtml($this->defaultValue)."
"; } return array('label' => $this->sLabel, 'value' => $sValue); } @@ -1145,9 +1142,8 @@ class DesignerIntegerField extends DesignerFormField $sId = $this->oForm->GetFieldId($this->sCode); $sName = $this->oForm->GetFieldName($this->sCode); - if ($this->IsReadOnly()) - { - $sHtmlValue = "".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."defaultValue, ENT_QUOTES, 'UTF-8')."\"/>"; + if ($this->IsReadOnly()) { + $sHtmlValue = "".utils::EscapeHtml($this->defaultValue)."defaultValue)."\"/>"; } else { @@ -1164,11 +1160,10 @@ $('#$sId').on('change keyup validate', function() { ValidateInteger('$sId', $sMa EOF ); $sCSSClasses = ''; - if (count($this->aCSSClasses) > 0) - { + if (count($this->aCSSClasses) > 0) { $sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"'; } - $sHtmlValue = "defaultValue, ENT_QUOTES, 'UTF-8')."\">"; + $sHtmlValue = "defaultValue)."\">"; } return array('label' => $this->sLabel, 'value' => $sHtmlValue); } @@ -1289,22 +1284,18 @@ class DesignerComboField extends DesignerFormField { if ($this->bMultipleSelection) { - if(in_array($sKey, $this->defaultValue)) - { + if(in_array($sKey, $this->defaultValue)) { $aSelected[] = $sDisplayValue; - $aHiddenValues[] = ""; + $aHiddenValues[] = ""; } - } - else - { - if ($sKey == $this->defaultValue) - { + } else { + if ($sKey == $this->defaultValue) { $aSelected[] = $sDisplayValue; - $aHiddenValues[] = ""; + $aHiddenValues[] = ""; } } } - $sHtml = "".htmlentities(implode(', ', $aSelected), ENT_QUOTES, 'UTF-8').implode($aHiddenValues).""; + $sHtml = "".utils::EscapeHtml(implode(', ', $aSelected)).implode($aHiddenValues).""; } else { @@ -1328,7 +1319,7 @@ class DesignerComboField extends DesignerFormField } // Quick and dirty: display the menu parents as a tree $sHtmlValue = str_replace(' ', ' ', $sDisplayValue); - $sHtml .= ""; + $sHtml .= ""; } $sHtml .= ""; if ($this->bOtherChoices) 
@@ -1379,10 +1370,9 @@ class DesignerBooleanField extends DesignerFormField $sId = $this->oForm->GetFieldId($this->sCode); $sName = $this->oForm->GetFieldName($this->sCode); $sChecked = $this->defaultValue ? 'checked' : ''; - if ($this->IsReadOnly()) - { + if ($this->IsReadOnly()) { $sLabel = $this->defaultValue ? Dict::S('UI:UserManagement:ActionAllowed:Yes') : Dict::S('UI:UserManagement:ActionAllowed:No'); //TODO use our own yes/no translations - $sHtmlValue = "".htmlentities($sLabel)."defaultValue, ENT_QUOTES, 'UTF-8')."\"/>"; + $sHtmlValue = "".utils::EscapeHtml($sLabel)."defaultValue)."\"/>"; } else { @@ -1518,7 +1508,7 @@ class DesignerIconSelectionField extends DesignerFormField EOF ); } else { - $sValue = ' '.htmlentities($this->aAllowedValues[$idx]['label'], ENT_QUOTES, 'UTF-8').''; + $sValue = ' '.utils::EscapeHtml($this->aAllowedValues[$idx]['label']).''; } $sReadOnly = $this->IsReadOnly() ? 'disabled' : ''; return array('label' => $this->sLabel, 'value' => $sValue); @@ -1665,14 +1655,14 @@ class DesignerSortableField extends DesignerFormField $sId = $this->oForm->GetFieldId($this->sCode); $sName = $this->oForm->GetFieldName($this->sCode); $sReadOnly = $this->IsReadOnly() ? 'readonly="readonly"' : ''; - $aResult = array('label' => $this->sLabel, 'value' => "defaultValue, ENT_QUOTES, 'UTF-8')."\">"); - + $aResult = array('label' => $this->sLabel, 'value' => "defaultValue)."\">"); + $sJSFields = json_encode(array_keys($this->aAllowedValues)); $oP->add_ready_script( "$('#$sId').sortable_field({aAvailableFields: $sJSFields});" ); - + return $aResult; } } @@ -1761,8 +1751,8 @@ class DesignerFormSelectorField extends DesignerFormField foreach ($this->aSubForms as $iKey => $aFormData) { if ($iKey == $this->defaultValue) // Default value is actually the index { - $sDisplayValue = htmlentities($aFormData['label'], ENT_QUOTES, 'UTF-8'); - $sHiddenValue = ""; + $sDisplayValue = utils::EscapeHtml($aFormData['label']); + $sHiddenValue = ""; break; } } 
@@ -1770,8 +1760,8 @@ class DesignerFormSelectorField extends DesignerFormField } else { $sHtml = "'; + $sHTMLValue .= ''; $aFieldsMap[$sAttCode] = $iInputId; $aParams['this->comments('.$sAttCode.')'] = $sSynchroIcon; } diff --git a/application/ui.extkeywidget.class.inc.php b/application/ui.extkeywidget.class.inc.php index 4f123fab2..c54cec21b 100644 --- a/application/ui.extkeywidget.class.inc.php +++ b/application/ui.extkeywidget.class.inc.php @@ -610,7 +610,7 @@ EOF $sHTMLValue .= "
iId}\" onClick=\"oACWidget_{$this->iId}.Search();\">
"; // another hidden input to store & pass the object's Id - $sHTMLValue .= "iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" />\n"; + $sHTMLValue .= "iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".utils::EscapeHtml($value)."\" />\n"; $JSSearchMode = $this->bSearchMode ? 'true' : 'false'; // Scripts to start the autocomplete and bind some events to it @@ -962,7 +962,7 @@ HTML foreach (MetaModel::ListAttributeDefs($this->sTargetClass) as $sAttCode => $oAttDef) { if (($oAttDef instanceof AttributeBlob) || (false)) { $aFieldsFlags[$sAttCode] = OPT_ATT_READONLY; - $aFieldsComments[$sAttCode] = ' '; + $aFieldsComments[$sAttCode] = ' '; } } cmdbAbstractObject::DisplayCreationForm($oPage, $this->sTargetClass, $oNewObj, array(), array('formPrefix' => $this->iId, 'noRelations' => true, 'fieldsFlags' => $aFieldsFlags, 'fieldsComments' => $aFieldsComments)); diff --git a/application/ui.passwordwidget.class.inc.php b/application/ui.passwordwidget.class.inc.php index 16e333ab3..58aca4fa3 100644 --- a/application/ui.passwordwidget.class.inc.php +++ b/application/ui.passwordwidget.class.inc.php @@ -60,8 +60,8 @@ class UIPasswordWidget $sChangedValue = (($sPasswordValue != '*****') || ($sConfirmPasswordValue != '*****')) ? 1 : 0; $sHtmlValue = ''; $sHtmlValue .= '
'; - $sHtmlValue .= ''; - $sHtmlValue .= '
'; + $sHtmlValue .= ''; + $sHtmlValue .= '
'; $sHtmlValue .= '
'; $sHtmlValue .= ''; diff --git a/application/utils.inc.php b/application/utils.inc.php index cf972a9b7..2dc6333f1 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -813,21 +813,20 @@ class utils */ public static function StringToTime($sDate, $sFormat) { - // Source: http://php.net/manual/fr/function.strftime.php + // Source: http://php.net/manual/fr/function.strftime.php // (alternative: http://www.php.net/manual/fr/datetime.formats.date.php) static $aDateTokens = null; static $aDateRegexps = null; - if (is_null($aDateTokens)) - { - $aSpec = array( - '%d' =>'(?[0-9]{2})', + if (is_null($aDateTokens)) { + $aSpec = array( + '%d' => '(?[0-9]{2})', '%m' => '(?[0-9]{2})', '%y' => '(?[0-9]{2})', '%Y' => '(?[0-9]{4})', '%H' => '(?[0-2][0-9])', '%i' => '(?[0-5][0-9])', '%s' => '(?[0-5][0-9])', - ); + ); $aDateTokens = array_keys($aSpec); $aDateRegexps = array_values($aSpec); } @@ -1892,7 +1891,8 @@ class utils { $sText = str_replace("\r\n", "\n", $sText); $sText = str_replace("\r", "\n", $sText); - return str_replace("\n", '
', htmlentities($sText, ENT_QUOTES, 'UTF-8')); + + return str_replace("\n", '
', utils::EscapeHtml($sText)); } /** diff --git a/core/MyHelpers.class.inc.php b/core/MyHelpers.class.inc.php index f5260d987..d3f47be31 100644 --- a/core/MyHelpers.class.inc.php +++ b/core/MyHelpers.class.inc.php @@ -470,9 +470,9 @@ class Str public static function pure2html($pure, $maxLength = false) { // Check for HTML entities, but be careful the DB is in UTF-8 - return $maxLength - ? htmlentities(substr($pure, 0, $maxLength), ENT_QUOTES, 'UTF-8') - : htmlentities($pure, ENT_QUOTES, 'UTF-8'); + return $maxLength + ? utils::EscapeHtml(substr($pure, 0, $maxLength)) + : utils::EscapeHtml($pure); } public static function pure2sql($pure, $maxLength = false) { diff --git a/core/attributedef.class.inc.php b/core/attributedef.class.inc.php index f2931a08d..f55087dcb 100644 --- a/core/attributedef.class.inc.php +++ b/core/attributedef.class.inc.php @@ -12776,7 +12776,7 @@ class AttributeCustomFields extends AttributeDefinition $sRet = $value->GetAsHTML($bLocalize); } catch (Exception $e) { - $sRet = 'Custom field error: '.htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8'); + $sRet = 'Custom field error: '.utils::EscapeHtml($e->getMessage()); } return $sRet; diff --git a/core/cmdbchangeop.class.inc.php b/core/cmdbchangeop.class.inc.php index d4d90e308..516436093 100644 --- a/core/cmdbchangeop.class.inc.php +++ b/core/cmdbchangeop.class.inc.php @@ -875,7 +875,7 @@ class CMDBChangeOpSetAttributeCaseLog extends CMDBChangeOpSetAttribute */ protected function ToHtml($sRawText) { - return str_replace(array("\r\n", "\n", "\r"), "
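Review bot: Inside `class utils` the new call in the `@@ -1892` hunk is written `utils::EscapeHtml($sText)`; for a same-class static call `self::EscapeHtml($sText)` is the conventional form and keeps the class renameable without touching its own callers. Style only, no behaviour change.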
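Review bot: `Str::pure2html` still truncates with byte-wise `substr($pure, 0, $maxLength)` before escaping; the comment on the line above says the DB is UTF-8, so the cut can land inside a multibyte sequence, and PHP's HTML escaping functions return an empty string for an invalid sequence unless `ENT_SUBSTITUTE`/`ENT_IGNORE` is set. I cannot see which flags `utils::EscapeHtml` applies, so the symptom may be a blank value rather than a broken character. Truncating on character boundaries avoids both: `? utils::EscapeHtml(mb_substr($pure, 0, $maxLength, 'UTF-8'))`.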
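Review bot: `'Custom field error: '.utils::EscapeHtml($e->getMessage())` in the core/attributedef.class.inc.php hunk renders the raw exception message into the page; escaping prevents markup injection but not disclosure of whatever the custom-field handler put in the message (paths, query fragments). The `@@ -1167` hunk in core/cmdbchangeop.class.inc.php has the same pattern. Consider logging the message and showing a generic dictionary string unless this output is known to be limited to administrators — I cannot tell that from the diff.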
", htmlentities($sRawText, ENT_QUOTES, 'UTF-8')); + return str_replace(array("\r\n", "\n", "\r"), "
", utils::EscapeHtml($sRawText)); } } @@ -1167,9 +1167,8 @@ class CMDBChangeOpSetAttributeCustomFields extends CMDBChangeOpSetAttribute $oHandler = $oAttDef->GetHandler($aValues); $sValueDesc = $oHandler->GetAsHTML($aValues); } - catch (Exception $e) - { - $sValueDesc = 'Custom field error: '.htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8'); + catch (Exception $e) { + $sValueDesc = 'Custom field error: '.utils::EscapeHtml($e->getMessage()); } $sTextView = '
'.$sValueDesc.'
'; diff --git a/core/config.class.inc.php b/core/config.class.inc.php index 536d0946c..9111586cc 100644 --- a/core/config.class.inc.php +++ b/core/config.class.inc.php @@ -1879,7 +1879,7 @@ class Config { // Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack) throw new ConfigException('Syntax error in configuration file', - array('file' => $sConfigFile, 'error' => ''.htmlentities($sNoise, ENT_QUOTES, 'UTF-8').'')); + array('file' => $sConfigFile, 'error' => ''.utils::EscapeHtml($sNoise, ENT_QUOTES).'')); } if (!isset($MySettings) || !is_array($MySettings)) diff --git a/core/csvbulkexport.class.inc.php b/core/csvbulkexport.class.inc.php index 50a92f8f0..dd445217e 100644 --- a/core/csvbulkexport.class.inc.php +++ b/core/csvbulkexport.class.inc.php @@ -125,8 +125,8 @@ class CSVBulkExport extends TabularBulkExport $sRawSeparator = utils::ReadParam('separator', ',', true, 'raw_data'); $sCustomDateTimeFormat = utils::ReadParam('', ',', true, 'raw_data'); $aSep = array( - ';' => Dict::S('UI:CSVImport:SeparatorSemicolon+'), - ',' => Dict::S('UI:CSVImport:SeparatorComma+'), + ';' => Dict::S('UI:CSVImport:SeparatorSemicolon+'), + ',' => Dict::S('UI:CSVImport:SeparatorComma+'), 'tab' => Dict::S('UI:CSVImport:SeparatorTab+'), ); $sOtherSeparator = ''; 
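Review bot: `utils::EscapeHtml($sNoise, ENT_QUOTES)` in the core/config.class.inc.php hunk passes a second argument that no other call site in this commit uses; the helper's signature is not visible here, so either the argument is silently ignored or, if `EscapeHtml` declares a second parameter with a different meaning, the truthy integer value of `ENT_QUOTES` changes its behaviour for this one call. Make it consistent with the rest of the change by dropping the extra argument: `utils::EscapeHtml($sNoise)`.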
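Review bot: `$sCustomDateTimeFormat = utils::ReadParam('', ',', true, 'raw_data');` in the `@@ -125` hunk of core/csvbulkexport.class.inc.php reads a request parameter with an empty name, and the variable is not used in any visible hunk (the date format is read under `'date_format'` in the `@@ -209` hunk instead); this looks like a leftover that can be deleted. The enclosing method continues outside the hunk, so check for a later use before removing it.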
@@ -134,10 +134,10 @@ class CSVBulkExport extends TabularBulkExport $sOtherSeparator = $sRawSeparator; $sRawSeparator = 'other'; } - $aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' '; + $aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' '; foreach ($aSep as $sVal => $sLabel) { - $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", htmlentities($sVal, ENT_QUOTES, 'UTF-8'), $sLabel, "radio"); + $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", utils::EscapeHtml($sVal), $sLabel, "radio"); $oRadio->GetInput()->SetIsChecked(($sVal == $sRawSeparator)); $oRadio->SetBeforeInput(false); $oRadio->GetInput()->AddCSSClass('ibo-input--label-right'); @@ -152,7 +152,7 @@ class CSVBulkExport extends TabularBulkExport $sRawQualifier = utils::ReadParam('text-qualifier', '"', true, 'raw_data'); $aQualifiers = array( - '"' => Dict::S('UI:CSVImport:QualifierDoubleQuote+'), + '"' => Dict::S('UI:CSVImport:QualifierDoubleQuote+'), '\'' => Dict::S('UI:CSVImport:QualifierSimpleQuote+'), ); $sOtherQualifier = ''; @@ -160,10 +160,10 @@ class CSVBulkExport extends TabularBulkExport $sOtherQualifier = $sRawQualifier; $sRawQualifier = 'other'; } - $aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' '; + $aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' '; foreach ($aQualifiers as $sVal => $sLabel) { - $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "text-qualifier", htmlentities($sVal, ENT_QUOTES, 'UTF-8'), $sLabel, "radio"); + $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "text-qualifier", utils::EscapeHtml($sVal), $sLabel, "radio"); $oRadio->GetInput()->SetIsChecked(($sVal == $sRawSeparator)); $oRadio->SetBeforeInput(false); $oRadio->GetInput()->AddCSSClass('ibo-input--label-right'); 
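Review bot: In the `@@ -160` hunk the text-qualifier radio is checked with `$oRadio->GetInput()->SetIsChecked(($sVal == $sRawSeparator));`, i.e. against the separator value rather than the qualifier read into `$sRawQualifier` a few lines earlier; the `@@ -134` hunk shows the separator loop doing the same comparison correctly against its own variable. Unless a separator value happens to equal a qualifier value, no qualifier radio ever starts checked. Change it to `$oRadio->GetInput()->SetIsChecked(($sVal == $sRawQualifier));`.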
@@ -209,8 +209,8 @@ class CSVBulkExport extends TabularBulkExport $sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data'); - $sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8'); - $sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8'); + $sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat()); + $sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat())); $oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "csv_date_format_radio", "default", "csv_date_time_format_default", "radio"); $oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat())); $oRadioDefault->SetBeforeInput(false); @@ -218,7 +218,7 @@ class CSVBulkExport extends TabularBulkExport $oFieldSetDate->AddSubBlock($oRadioDefault); $oFieldSetDate->AddSubBlock(new Html('
')); - $sFormatInput = ''; + $sFormatInput = ''; $oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "csv_date_format_radio", "custom", "csv_date_time_format_custom", "radio"); $oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip')); $oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat()); @@ -246,17 +246,18 @@ EOF } protected function GetSampleData($oObj, $sAttCode) - { - if ($sAttCode != 'id') - { + { + if ($sAttCode != 'id') { $oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode); if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime { $sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date'; - return '
'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'
'; + + return '
'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'
'; } } - return '
'.htmlentities($this->GetValue($oObj, $sAttCode), ENT_QUOTES, 'UTF-8').'
'; + + return '
'.utils::EscapeHtml($this->GetValue($oObj, $sAttCode)).'
'; } protected function GetValue($oObj, $sAttCode) diff --git a/core/dbobject.class.php b/core/dbobject.class.php index 48b27e305..2cc199b25 100644 --- a/core/dbobject.class.php +++ b/core/dbobject.class.php @@ -1088,9 +1088,10 @@ abstract class DBObject implements iDisplay } else { - $sHtmlLabel = htmlentities($this->Get($sAttCode.'_friendlyname'), ENT_QUOTES, 'UTF-8'); + $sHtmlLabel = utils::EscapeHtml($this->Get($sAttCode.'_friendlyname')); $bArchived = $this->IsArchived($sAttCode); $bObsolete = $this->IsObsolete($sAttCode); + return $this->MakeHyperLink($sTargetClass, $iTargetKey, $sHtmlLabel, null, true, $bArchived, $bObsolete); } } @@ -1588,7 +1589,7 @@ abstract class DBObject implements iDisplay */ public function GetName($sType = FriendlyNameType::SHORT) { - return htmlentities($this->GetRawName($sType), ENT_QUOTES, 'UTF-8'); + return utils::EscapeHtml($this->GetRawName($sType)); } /** diff --git a/core/designdocument.class.inc.php b/core/designdocument.class.inc.php index 29c1fe743..97c65c5d3 100644 --- a/core/designdocument.class.inc.php +++ b/core/designdocument.class.inc.php @@ -93,13 +93,12 @@ class DesignDocument extends DOMDocument public function Dump($bReturnRes = false) { $sXml = $this->saveXML(); - if ($bReturnRes) - { + if ($bReturnRes) { return $sXml; } echo "
\n";
-		echo htmlentities($sXml);
+		echo utils::EscapeHtml($sXml);
 		echo "
\n"; return ''; @@ -192,13 +191,13 @@ class DesignElement extends \DOMElement $oDoc->appendChild($oClone); $sXml = $oDoc->saveXML($oClone); - if ($bReturnRes) - { + if ($bReturnRes) { return $sXml; } echo "
\n";
-		echo htmlentities($sXml);
+		echo utils::EscapeHtml($sXml);
 		echo "
\n"; + return ''; } /** diff --git a/core/displayablegraph.class.inc.php b/core/displayablegraph.class.inc.php index 330e585e8..0602e4e8d 100644 --- a/core/displayablegraph.class.inc.php +++ b/core/displayablegraph.class.inc.php @@ -459,11 +459,10 @@ class DisplayableNode extends GraphNode { $aContext = $aContextDefs[$key]; $aRootCauses = array(); - foreach($aObjects as $oRootCause) - { + foreach ($aObjects as $oRootCause) { $aRootCauses[] = $oRootCause->GetHyperlink(); } - $sHtml .= '

 '.implode(', ', $aRootCauses).'

'; + $sHtml .= '

 '.implode(', ', $aRootCauses).'

'; } $sHtml .= '
'; } @@ -1335,18 +1334,17 @@ class DisplayableGraph extends SimpleGraph } $oPdf->Rect($xMin, $yMin, $fMaxWidth + $fIconSize + 3*$fPadding, $yMax - $yMin, 'D'); - if ($sComments != '') - { + if ($sComments != '') { // Draw the comment text (surrounded by a rectangle) - $xPos = $xMin + $fMaxWidth + $fIconSize + 4*$fPadding; - $w = $xMax - $xPos - 2*$fPadding; + $xPos = $xMin + $fMaxWidth + $fIconSize + 4 * $fPadding; + $w = $xMax - $xPos - 2 * $fPadding; $iNbLines = 1; - $sText = '

'.str_replace("\n", '
', htmlentities($sComments, ENT_QUOTES, 'UTF-8'), $iNbLines).'

'; + $sText = '

'.str_replace("\n", '
', utils::EscapeHtml($sComments), $iNbLines).'

'; $fLineHeight = $oPdf->getStringHeight($w, $sText); - $h = (1+$iNbLines) * $fLineHeight; - $yPos = $yMax - 2*$fPadding - $h; + $h = (1 + $iNbLines) * $fLineHeight; + $yPos = $yMax - 2 * $fPadding - $h; $oPdf->writeHTMLCell($w, $h, $xPos + $fPadding, $yPos + $fPadding, $sText, 0 /* border */, 1 /* ln */); - $oPdf->Rect($xPos, $yPos, $w + 2*$fPadding, $h + 2*$fPadding, 'D'); + $oPdf->Rect($xPos, $yPos, $w + 2 * $fPadding, $h + 2 * $fPadding, 'D'); $yMax = $yPos - $fPadding; } diff --git a/core/excelbulkexport.class.inc.php b/core/excelbulkexport.class.inc.php index caecf7111..78c81ed5d 100644 --- a/core/excelbulkexport.class.inc.php +++ b/core/excelbulkexport.class.inc.php @@ -100,8 +100,8 @@ class ExcelBulkExport extends TabularBulkExport $sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data'); - $sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8'); - $sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8'); + $sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat()); + $sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat())); $oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "excel_date_format_radio", "default", "excel_date_time_format_default", "radio"); $oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat())); $oRadioDefault->SetBeforeInput(false); @@ -109,7 +109,7 @@ class ExcelBulkExport extends TabularBulkExport $oFieldSetDate->AddSubBlock($oRadioDefault); $oFieldSetDate->AddSubBlock(new Html('
')); - $sFormatInput = ''; + $sFormatInput = ''; $oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "excel_date_format_radio", "custom", "excel_date_time_format_custom", "radio"); $oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip')); $oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat()); @@ -156,16 +156,17 @@ EOF protected function GetSampleData($oObj, $sAttCode) { - if ($sAttCode != 'id') - { + if ($sAttCode != 'id') { $oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode); if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime { $sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date'; - return '
'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'
'; + + return '
'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'
'; } } - return '
'.htmlentities($this->GetValue($oObj, $sAttCode), ENT_QUOTES, 'UTF-8').'
'; + + return '
'.utils::EscapeHtml($this->GetValue($oObj, $sAttCode)).'
'; } protected function GetValue($oObj, $sAttCode) diff --git a/core/htmlbulkexport.class.inc.php b/core/htmlbulkexport.class.inc.php index 0b5a62bf2..685734e86 100644 --- a/core/htmlbulkexport.class.inc.php +++ b/core/htmlbulkexport.class.inc.php @@ -62,7 +62,8 @@ class HTMLBulkExport extends TabularBulkExport if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime { $sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date'; - return '
'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'
'; + + return '
'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'
'; } } return $this->GetValue($oObj, $sAttCode); diff --git a/core/inlineimage.class.inc.php b/core/inlineimage.class.inc.php index ec71d82a0..66aa6d70d 100644 --- a/core/inlineimage.class.inc.php +++ b/core/inlineimage.class.inc.php @@ -295,13 +295,12 @@ class InlineImage extends DBObject { $sImgTag = $aImgInfo[0][0]; $sSecret = ''; - if (preg_match('/data-img-secret="([0-9a-f]+)"/', $sImgTag, $aSecretMatches)) - { + if (preg_match('/data-img-secret="([0-9a-f]+)"/', $sImgTag, $aSecretMatches)) { $sSecret = '&s='.$aSecretMatches[1]; } $sAttId = $aImgInfo[2][0]; - - $sNewImgTag = preg_replace('/src="[^"]+"/', 'src="'.htmlentities($sUrl.$sAttId.$sSecret, ENT_QUOTES, 'UTF-8').'"', $sImgTag); // preserve other attributes, must convert & to & to be idempotent with CKEditor + + $sNewImgTag = preg_replace('/src="[^"]+"/', 'src="'.utils::EscapeHtml($sUrl.$sAttId.$sSecret).'"', $sImgTag); // preserve other attributes, must convert & to & to be idempotent with CKEditor $aNeedles[] = $sImgTag; $aReplacements[] = $sNewImgTag; } @@ -536,8 +535,8 @@ JS $iObjKey = $oObject->GetKey(); $sAbsoluteUrlAppRoot = utils::GetAbsoluteUrlAppRoot(); - $sToggleFullScreen = htmlentities(Dict::S('UI:ToggleFullScreen'), ENT_QUOTES, 'UTF-8'); - + $sToggleFullScreen = utils::EscapeHtml(Dict::S('UI:ToggleFullScreen')); + return <<\n"; - echo " \n"; + echo " \n"; echo " \n"; echo "\n"; } 
@@ -5263,24 +5259,21 @@ abstract class MetaModel $sRes = ''; $sRes .= "// Dictionnay conventions\n"; - $sRes .= htmlentities("// Class:\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:+\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Attribute:\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Attribute:+\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Attribute:/Value:\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Attribute:/Value:+\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Stimulus:\n", ENT_QUOTES, 'UTF-8'); - $sRes .= htmlentities("// Class:/Stimulus:+\n", ENT_QUOTES, 'UTF-8'); + $sRes .= utils::EscapeHtml("// Class:\n"); + $sRes .= utils::EscapeHtml("// Class:+\n"); + $sRes .= utils::EscapeHtml("// Class:/Attribute:\n"); + $sRes .= utils::EscapeHtml("// Class:/Attribute:+\n"); + $sRes .= utils::EscapeHtml("// Class:/Attribute:/Value:\n"); + $sRes .= utils::EscapeHtml("// Class:/Attribute:/Value:+\n"); + $sRes .= utils::EscapeHtml("// Class:/Stimulus:\n"); + $sRes .= utils::EscapeHtml("// Class:/Stimulus:+\n"); $sRes .= "\n"; // Note: I did not use EnumCategories(), because a given class maybe found in several categories // Need to invent the "module", to characterize the origins of a class - if (strlen($sModules) == 0) - { + if (strlen($sModules) == 0) { $aModules = array('bizmodel', 'core/cmdb', 'gui', 'application', 'addon/userrights'); - } - else - { + } else { $aModules = explode(', ', $sModules); } 
@@ -5288,17 +5281,14 @@ abstract class MetaModel $sRes .= "// Note: The classes have been grouped by categories: ".implode(', ', $aModules)."\n"; $sRes .= "//////////////////////////////////////////////////////////////////////\n"; - foreach($aModules as $sCategory) - { + foreach ($aModules as $sCategory) { $sRes .= "//////////////////////////////////////////////////////////////////////\n"; $sRes .= "// Classes in '$sCategory'\n"; $sRes .= "//////////////////////////////////////////////////////////////////////\n"; $sRes .= "//\n"; $sRes .= "\n"; - foreach(self::GetClasses($sCategory) as $sClass) - { - if (!self::HasTable($sClass)) - { + foreach (self::GetClasses($sCategory) as $sClass) { + if (!self::HasTable($sClass)) { continue; } 
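Review bot: `$sRes .= "// Classes in '$sCategory'\n";` and `implode(', ', $aModules)` interpolate the category names raw, while the fixed template lines in the previous hunk (`utils::EscapeHtml("// Class:\n")` and siblings) are escaped; if `$sRes` is rendered as HTML, which the escaping of the literals suggests, `$sCategory` values coming from the `$sModules` parameter should get the same treatment, e.g. `$sRes .= "// Classes in '".utils::EscapeHtml($sCategory)."'\n";`. If `$sRes` is in fact plain text, the escaping of the literal lines is the odd one out and a comment saying which context the output targets would settle it. The enclosing method starts before this hunk.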
@@ -7022,30 +7012,26 @@ abstract class MetaModel */ public static function GetHyperLink($sTargetClass, $iKey) { - if ($iKey < 0) - { + if ($iKey < 0) { return "$sTargetClass: $iKey (invalid value)"; } $oObj = self::GetObject($sTargetClass, $iKey, false); - if (is_null($oObj)) - { + if (is_null($oObj)) { // Whatever we are looking for, the root class is the key to search for $sRootClass = self::GetRootClass($sTargetClass); $oSearch = DBObjectSearch::FromOQL('SELECT CMDBChangeOpDelete WHERE objclass = :objclass AND objkey = :objkey', array('objclass' => $sRootClass, 'objkey' => $iKey)); $oSet = new DBObjectSet($oSearch); $oRecord = $oSet->Fetch(); // An empty fname is obtained with iTop < 2.0 - if (is_null($oRecord) || (strlen(trim($oRecord->Get('fname'))) == 0)) - { + if (is_null($oRecord) || (strlen(trim($oRecord->Get('fname'))) == 0)) { $sName = Dict::Format('Core:UnknownObjectLabel', $sTargetClass, $iKey); $sTitle = Dict::S('Core:UnknownObjectTip'); - } - else - { + } else { $sName = $oRecord->Get('fname'); $sTitle = Dict::Format('Core:DeletedObjectTip', $oRecord->Get('date'), $oRecord->Get('userinfo')); } - return ''.htmlentities($sName, ENT_QUOTES, 'UTF-8').''; + + return ''.utils::EscapeHtml($sName).''; } return $oObj->GetHyperLink(); } diff --git a/core/oql/oqlexception.class.inc.php b/core/oql/oqlexception.class.inc.php index f336bc4e3..81e771b27 100644 --- a/core/oql/oqlexception.class.inc.php +++ b/core/oql/oqlexception.class.inc.php 
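Review bot: `$sTitle` is built from `$oRecord->Get('date')` and `$oRecord->Get('userinfo')` but, unlike `$sName`, is not passed through utils::EscapeHtml before the return; the markup around the return value has been stripped in this rendering, so I cannot see which attribute it lands in, but if it is interpolated into the tag it needs the same escaping, e.g. `$sTitle = utils::EscapeHtml(Dict::Format('Core:DeletedObjectTip', $oRecord->Get('date'), $oRecord->Get('userinfo')));`. The early `return "$sTargetClass: $iKey (invalid value)";` is also unescaped, though only reachable with internal values.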
@@ -58,22 +58,19 @@ class OQLException extends CoreException public function getHtmlDesc($sHighlightHtmlBegin = '', $sHighlightHtmlEnd = '') { - $sRet = htmlentities($this->m_MyIssue.", found '".$this->m_sUnexpected."' in: ", ENT_QUOTES, 'UTF-8'); - $sRet .= htmlentities(substr($this->m_sInput, 0, $this->m_iCol), ENT_QUOTES, 'UTF-8'); - $sRet .= $sHighlightHtmlBegin.htmlentities(substr($this->m_sInput, $this->m_iCol, strlen($this->m_sUnexpected)), ENT_QUOTES, 'UTF-8').$sHighlightHtmlEnd; - $sRet .= htmlentities(substr($this->m_sInput, $this->m_iCol + strlen($this->m_sUnexpected)), ENT_QUOTES, 'UTF-8'); + $sRet = utils::EscapeHtml($this->m_MyIssue.", found '".$this->m_sUnexpected."' in: "); + $sRet .= utils::EscapeHtml(substr($this->m_sInput, 0, $this->m_iCol)); + $sRet .= $sHighlightHtmlBegin.utils::EscapeHtml(substr($this->m_sInput, $this->m_iCol, strlen($this->m_sUnexpected))).$sHighlightHtmlEnd; + $sRet .= utils::EscapeHtml(substr($this->m_sInput, $this->m_iCol + strlen($this->m_sUnexpected))); - if (!is_null($this->m_aExpecting) && (count($this->m_aExpecting) > 0)) - { - if (count($this->m_aExpecting) < 30) - { + if (!is_null($this->m_aExpecting) && (count($this->m_aExpecting) > 0)) { + if (count($this->m_aExpecting) < 30) { $sExpectations = '{'.implode(', ', $this->m_aExpecting).'}'; - $sRet .= ", expecting ".htmlentities($sExpectations, ENT_QUOTES, 'UTF-8'); - } + $sRet .= ", expecting ".utils::EscapeHtml($sExpectations); + } $sSuggest = self::FindClosestString($this->m_sUnexpected, $this->m_aExpecting); - if (strlen($sSuggest) > 0) - { - $sRet .= ", I would suggest to use '$sHighlightHtmlBegin".htmlentities($sSuggest, ENT_QUOTES, 'UTF-8')."$sHighlightHtmlEnd'"; + if (strlen($sSuggest) > 0) { + $sRet .= ", I would suggest to use '$sHighlightHtmlBegin".utils::EscapeHtml($sSuggest)."$sHighlightHtmlEnd'"; } } diff --git a/core/ormcaselog.class.inc.php b/core/ormcaselog.class.inc.php index 950ff0627..03a4a3612 100644 --- a/core/ormcaselog.class.inc.php 
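Review bot: `substr($this->m_sInput, 0, $this->m_iCol)` and the two slices after it cut the input at byte offsets; when `m_iCol` falls inside a multibyte UTF-8 sequence each fragment is invalid UTF-8, and htmlentities() with charset 'UTF-8' returns an empty string for such input unless ENT_SUBSTITUTE or ENT_IGNORE is set, so part of the query can silently vanish from the error text. Whether utils::EscapeHtml behaves the same depends on the flags it passes, which this diff does not show, so it is worth a check; if the OQL lexer reports columns in characters rather than bytes, `mb_substr` would be the matching slice. getHtmlDesc continues past the hunk.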
+++ b/core/ormcaselog.class.inc.php @@ -252,7 +252,7 @@ class ormCaseLog { if (!array_key_exists('format', $aIndex[$index]) || ($aIndex[$index]['format'] == static::ENUM_FORMAT_TEXT)) { $sCSSClass = 'caselog_entry'; - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
", utils::EscapeHtml($sTextEntry)); } else { @@ -292,19 +292,15 @@ class ormCaseLog { } // Process the case of an eventual remainder (quick migration of AttributeText fields) - if ($iPos < (strlen($this->m_sLog) - 1)) - { + if ($iPos < (strlen($this->m_sLog) - 1)) { $sTextEntry = substr($this->m_sLog, $iPos); - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
", utils::EscapeHtml($sTextEntry)); - if (count($this->m_aIndex) == 0) - { + if (count($this->m_aIndex) == 0) { $sHtml .= '
'; $sHtml .= $sTextEntry; $sHtml .= '
'; - } - else - { + } else { $sHtml .= '
'; $sHtml .= Dict::S('UI:CaseLog:InitialValue'); $sHtml .= '
'; @@ -327,24 +323,18 @@ class ormCaseLog { $sHtml = '
    '; $iPos = 0; $aIndex = $this->m_aIndex; - for($index=count($aIndex)-1 ; $index >= 0 ; $index--) - { + for($index=count($aIndex)-1 ; $index >= 0 ; $index--) { $iPos += $aIndex[$index]['separator_length']; $sTextEntry = substr($this->m_sLog, $iPos, $aIndex[$index]['text_length']); $sCSSClass = 'case_log_simple_html_entry_html'; - if (!array_key_exists('format', $aIndex[$index]) || ($aIndex[$index]['format'] == static::ENUM_FORMAT_TEXT)) - { + if (!array_key_exists('format', $aIndex[$index]) || ($aIndex[$index]['format'] == static::ENUM_FORMAT_TEXT)) { $sCSSClass = 'case_log_simple_html_entry'; - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); - if (!is_null($aTransfoHandler)) - { + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", utils::EscapeHtml($sTextEntry)); + if (!is_null($aTransfoHandler)) { $sTextEntry = call_user_func($aTransfoHandler, $sTextEntry); } - } - else - { - if (!is_null($aTransfoHandler)) - { + } else { + if (!is_null($aTransfoHandler)) { $sTextEntry = call_user_func($aTransfoHandler, $sTextEntry, true /* wiki "links" only */); } $sTextEntry = InlineImage::FixUrls($sTextEntry); @@ -383,19 +373,15 @@ class ormCaseLog { } // Process the case of an eventual remainder (quick migration of AttributeText fields) - if ($iPos < (strlen($this->m_sLog) - 1)) - { + if ($iPos < (strlen($this->m_sLog) - 1)) { $sTextEntry = substr($this->m_sLog, $iPos); - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", utils::EscapeHtml($sTextEntry)); - if (count($this->m_aIndex) == 0) - { + if (count($this->m_aIndex) == 0) { $sHtml .= '
  • '; $sHtml .= $sTextEntry; $sHtml .= '
  • '; - } - else - { + } else { $sHtml .= '
  • '; $sHtml .= Dict::S('UI:CaseLog:InitialValue'); $sHtml .= '
    '; @@ -437,11 +423,9 @@ class ormCaseLog { } $iPos += $aIndex[$index]['separator_length']; $sTextEntry = substr($this->m_sLog, $iPos, $aIndex[$index]['text_length']); - if (!array_key_exists('format', $aIndex[$index]) || ($aIndex[$index]['format'] == static::ENUM_FORMAT_TEXT)) - { - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
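Review bot: The same expression — the newline-to-break `str_replace` wrapped around `utils::EscapeHtml($sTextEntry)` — now appears in six hunks of this file (-252, -292, -327, -383, -437, -483); extracting it into one private helper such as `private static function TextEntryToHtml(string $sTextEntry): string` would keep the escaping policy for text-format entries in a single place, so a future change to the helper or the flags is not missed at one of the copies. This is a style point only; behaviour is unchanged by the commit.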
    ", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); - if (!is_null($aTransfoHandler)) - { + if (!array_key_exists('format', $aIndex[$index]) || ($aIndex[$index]['format'] == static::ENUM_FORMAT_TEXT)) { + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", utils::EscapeHtml($sTextEntry)); + if (!is_null($aTransfoHandler)) { $sTextEntry = call_user_func($aTransfoHandler, $sTextEntry); } } @@ -483,19 +467,16 @@ class ormCaseLog { $oBlock->AddSubBlock($oCollapsibleBlock); } // Process the case of an eventual remainder (quick migration of AttributeText fields) - if ($iPos < (strlen($this->m_sLog) - 1)) - { + if ($iPos < (strlen($this->m_sLog) - 1)) { // In this case the format is always "text" $sTextEntry = substr($this->m_sLog, $iPos); - $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", htmlentities($sTextEntry, ENT_QUOTES, 'UTF-8')); - if (!is_null($aTransfoHandler)) - { + $sTextEntry = str_replace(array("\r\n", "\n", "\r"), "
    ", utils::EscapeHtml($sTextEntry)); + if (!is_null($aTransfoHandler)) { $sTextEntry = call_user_func($aTransfoHandler, $sTextEntry); } - if (count($this->m_aIndex) == 0) - { - $oCollapsibleBlock = CollapsibleSectionUIBlockFactory::MakeStandard( ''); + if (count($this->m_aIndex) == 0) { + $oCollapsibleBlock = CollapsibleSectionUIBlockFactory::MakeStandard(''); $oCollapsibleBlock->AddSubBlock(new Html($sTextEntry)); $oCollapsibleBlock->SetOpenedByDefault(true); $oBlock->AddSubBlock($oCollapsibleBlock); diff --git a/core/ormdocument.class.inc.php b/core/ormdocument.class.inc.php index 1af6b5c67..badd01904 100644 --- a/core/ormdocument.class.inc.php +++ b/core/ormdocument.class.inc.php @@ -109,17 +109,14 @@ class ormDocument public function GetAsHTML() { $sResult = ''; - if ($this->IsEmpty()) - { + if ($this->IsEmpty()) { // If the filename is not empty, display it, this is used // by the creation wizard while the file has not yet been uploaded - $sResult = htmlentities($this->GetFileName(), ENT_QUOTES, 'UTF-8'); - } - else - { + $sResult = utils::EscapeHtml($this->GetFileName()); + } else { $data = $this->GetData(); $sSize = utils::BytesToFriendlyFormat(strlen($data)); - $sResult = htmlentities($this->GetFileName(), ENT_QUOTES, 'UTF-8').' ('.$sSize.')
    '; + $sResult = utils::EscapeHtml($this->GetFileName()).' ('.$sSize.')
    '; } return $sResult; } @@ -131,7 +128,8 @@ class ormDocument public function GetDisplayLink($sClass, $Id, $sAttCode) { $sUrl = $this->GetDisplayURL($sClass, $Id, $sAttCode); - return "".htmlentities($this->GetFileName(), ENT_QUOTES, 'UTF-8')."\n"; + + return "".utils::EscapeHtml($this->GetFileName())."\n"; } /** @@ -141,7 +139,8 @@ class ormDocument public function GetDownloadLink($sClass, $Id, $sAttCode) { $sUrl = $this->GetDownloadURL($sClass, $Id, $sAttCode); - return "".htmlentities($this->GetFileName(), ENT_QUOTES, 'UTF-8')."\n"; + + return "".utils::EscapeHtml($this->GetFileName())."\n"; } /** diff --git a/core/pdfbulkexport.class.inc.php b/core/pdfbulkexport.class.inc.php index ba25a61ed..df22d7141 100644 --- a/core/pdfbulkexport.class.inc.php +++ b/core/pdfbulkexport.class.inc.php @@ -62,7 +62,7 @@ class PDFBulkExport extends HTMLBulkExport $aPossibleFormat = ['A3', 'A4', 'Letter']; $sDefaultFormat = 'A4'; foreach ($aPossibleFormat as $sVal) { - $oSelectFormat->AddSubBlock(SelectOptionUIBlockFactory::MakeForSelectOption($sVal, htmlentities(Dict::S('Core:BulkExport:PageSize-'.$sVal), ENT_QUOTES, 'UTF-8'), ($sVal == $sDefaultFormat))); + $oSelectFormat->AddSubBlock(SelectOptionUIBlockFactory::MakeForSelectOption($sVal, utils::EscapeHtml(Dict::S('Core:BulkExport:PageSize-'.$sVal)), ($sVal == $sDefaultFormat))); } $oFieldSetFormat->AddSubBlock(new Html('
    ')); @@ -75,7 +75,7 @@ class PDFBulkExport extends HTMLBulkExport $aPossibleOrientation = ['P', 'L']; $sDefaultOrientation = 'L'; foreach ($aPossibleOrientation as $sVal) { - $oSelectOrientation->AddSubBlock(SelectOptionUIBlockFactory::MakeForSelectOption($sVal, htmlentities(Dict::S('Core:BulkExport:PageOrientation-'.$sVal), ENT_QUOTES, 'UTF-8'), ($sVal == $sDefaultOrientation))); + $oSelectOrientation->AddSubBlock(SelectOptionUIBlockFactory::MakeForSelectOption($sVal, utils::EscapeHtml(Dict::S('Core:BulkExport:PageOrientation-'.$sVal)), ($sVal == $sDefaultOrientation))); } //date format @@ -84,8 +84,8 @@ class PDFBulkExport extends HTMLBulkExport $sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data'); - $sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8'); - $sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8'); + $sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat()); + $sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat())); $oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "pdf_date_format_radio", "default", "pdf_date_time_format_default", "radio"); $oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat())); $oRadioDefault->SetBeforeInput(false); @@ -93,7 +93,7 @@ class PDFBulkExport extends HTMLBulkExport $oFieldSetDate->AddSubBlock($oRadioDefault); $oFieldSetDate->AddSubBlock(new Html('
    ')); - $sFormatInput = ''; + $sFormatInput = ''; $oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "pdf_date_format_radio", "custom", "pdf_date_time_format_custom", "radio"); $oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip')); $oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat()); diff --git a/core/spreadsheetbulkexport.class.inc.php b/core/spreadsheetbulkexport.class.inc.php index 50629d400..6bd557dc8 100644 --- a/core/spreadsheetbulkexport.class.inc.php +++ b/core/spreadsheetbulkexport.class.inc.php @@ -73,8 +73,8 @@ class SpreadsheetBulkExport extends TabularBulkExport $sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data'); - $sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8'); - $sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8'); + $sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat()); + $sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat())); $oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "spreadsheet_date_format_radio", "default", "spreadsheet_date_time_format_default", "radio"); $oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat())); $oRadioDefault->GetInput()->AddCSSClass('ibo-input-checkbox'); @@ -82,7 +82,7 @@ class SpreadsheetBulkExport extends TabularBulkExport $oFieldSetDate->AddSubBlock($oRadioDefault); $oFieldSetDate->AddSubBlock(new Html('
    ')); - $sFormatInput = ''; + $sFormatInput = ''; $oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "spreadsheet_date_format_radio", "custom", "spreadsheet_date_time_format_custom", "radio"); $oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip')); $oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat()); @@ -140,7 +140,8 @@ EOF if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime { $sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date'; - return '
    '.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'
    '; + + return '
    '.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'
    '; } } return $this->GetValue($oObj, $sAttCode); @@ -158,19 +159,13 @@ EOF default: $value = $oObj->Get($sAttCode); $oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode); - if ($value instanceof ormCaseLog) - { - $sRet = str_replace("\n", "
    ", htmlentities($value->__toString(), ENT_QUOTES, 'UTF-8')); - } - elseif ($value instanceof ormStopWatch) - { + if ($value instanceof ormCaseLog) { + $sRet = str_replace("\n", "
    ", utils::EscapeHtml($value->__toString())); + } elseif ($value instanceof ormStopWatch) { $sRet = $value->GetTimeSpent(); - } - elseif ($value instanceof ormDocument) - { + } elseif ($value instanceof ormDocument) { $sRet = ''; - } - elseif ($oAttDef instanceof AttributeText) + } elseif ($oAttDef instanceof AttributeText) { if ($bFormattedText) { @@ -191,15 +186,11 @@ EOF // Stick to the weird implementation made in GetNextChunk $sRet = utils::TextToHtml($oObj->GetEditValue($sAttCode)); } - else - { - if ($this->bLocalizeOutput) - { - $sRet = htmlentities($oObj->GetEditValue(), ENT_QUOTES, 'UTF-8'); - } - else - { - $sRet = htmlentities((string)$value, ENT_QUOTES, 'UTF-8'); + else { + if ($this->bLocalizeOutput) { + $sRet = utils::EscapeHtml($oObj->GetEditValue()); + } else { + $sRet = utils::EscapeHtml((string)$value); } } } @@ -314,22 +305,16 @@ EOF $sData .= "$sDate"; $sData .= "$sTime"; } - else if (get_class($oFinalAttDef) == 'AttributeDate') - { + else if (get_class($oFinalAttDef) == 'AttributeDate') { $sDate = $oDateFormat->Format($oObj->Get($sAttCode)); $sData .= "$sDate"; - } - else if($oAttDef instanceof AttributeCaseLog) - { + } else if ($oAttDef instanceof AttributeCaseLog) { $rawValue = $oObj->Get($sAttCode); - $sField = str_replace("\n", "
    ", htmlentities($rawValue->__toString(), ENT_QUOTES, 'UTF-8')); + $sField = str_replace("\n", "
    ", utils::EscapeHtml($rawValue->__toString())); // Trick for Excel: treat the content as text even if it begins with an equal sign $sData .= "$sField"; - } - elseif ($oAttDef instanceof AttributeText) - { - if ($bFormattedText) - { + } elseif ($oAttDef instanceof AttributeText) { + if ($bFormattedText) { // Replace paragraphs (...

    , etc) by line breaks (
    ) since Excel (pre-2016) splits the cells when there is a paragraph $sField = static::HtmlToSpreadsheet($oObj->GetAsHTML($sAttCode)); } @@ -356,16 +341,12 @@ EOF $sField = utils::HtmlEntities($oObj->GetAsCSV($sAttCode, $this->bLocalizeOutput, '')); $sData .= "$sField"; } - else - { + else { $rawValue = $oObj->Get($sAttCode); - if ($this->bLocalizeOutput) - { - $sField = htmlentities($oFinalAttDef->GetEditValue($rawValue), ENT_QUOTES, 'UTF-8'); - } - else - { - $sField = htmlentities($rawValue, ENT_QUOTES, 'UTF-8'); + if ($this->bLocalizeOutput) { + $sField = utils::EscapeHtml($oFinalAttDef->GetEditValue($rawValue)); + } else { + $sField = utils::EscapeHtml($rawValue); } $sData .= "$sField"; } diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php index 4567bc8ac..adfa4cb18 100644 --- a/core/userrights.class.inc.php +++ b/core/userrights.class.inc.php @@ -527,7 +527,7 @@ abstract class User extends cmdbAbstractObject { if (UserRights::IsStimulusAllowed($sClass, $sStimulusCode, null, $this)) { - $aStimuli[] = ''.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').''; + $aStimuli[] = ''.utils::EscapeHtml($oStimulus->GetLabel()).''; } } $sStimuli = implode(', ', $aStimuli); diff --git a/datamodels/2.x/itop-attachments/ajax.itop-attachment.php b/datamodels/2.x/itop-attachments/ajax.itop-attachment.php index f5f45997c..cdf5d1aef 100644 --- a/datamodels/2.x/itop-attachments/ajax.itop-attachment.php +++ b/datamodels/2.x/itop-attachments/ajax.itop-attachment.php @@ -104,7 +104,7 @@ try $oAttachment->Set('contents', $oDoc); $iAttId = $oAttachment->DBInsert(); - $aResult['msg'] = htmlentities($oDoc->GetFileName(), ENT_QUOTES, 'UTF-8'); + $aResult['msg'] = utils::EscapeHtml($oDoc->GetFileName()); $aResult['icon'] = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($oDoc->GetFileName()); $aResult['att_id'] = $iAttId; $aResult['preview'] = $oDoc->IsPreviewAvailable() ? 'true' : 'false'; 
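Review bot: `$sField = utils::EscapeHtml($rawValue);` in the `else` branch passes the attribute value without the `(string)` cast that the sibling line `$sRet = utils::EscapeHtml((string)$value);` earlier in this file uses; if EscapeHtml declares a `string` parameter and the file runs under strict_types, a non-string value (int, float, null) would throw where htmlentities coerced it. Prefer `$sField = utils::EscapeHtml((string)$rawValue);`. The hunk also leaves `utils::HtmlEntities(...)` two lines above while the rest of the commit moves to utils::EscapeHtml, and the same mix is in pages/ajax.csvimport.php (`$aTableRow['HeaderFields'] = utils::HtmlEntities($sField);`); if both helpers are meant to coexist, a comment naming which one is canonical for HTML output would prevent the two policies drifting apart.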
@@ -138,9 +138,8 @@ try $oPage->output(); } -catch (Exception $e) -{ +catch (Exception $e) { // note: transform to cope with XSS attacks - echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8'); + echo utils::EscapeHtml($e->GetMessage()); IssueLog::Error($e->getMessage()); } diff --git a/datamodels/2.x/itop-attachments/main.itop-attachments.php b/datamodels/2.x/itop-attachments/main.itop-attachments.php index 24ad38a6e..dad027bf6 100644 --- a/datamodels/2.x/itop-attachments/main.itop-attachments.php +++ b/datamodels/2.x/itop-attachments/main.itop-attachments.php @@ -679,13 +679,12 @@ class CMDBChangeOpAttachmentAdded extends CMDBChangeOp // Temporary, until we change the options of GetDescription() -needs a more global revision $sTargetObjectClass = 'Attachment'; $iTargetObjectKey = $this->Get('attachment_id'); - $sFilename = htmlentities($this->Get('filename'), ENT_QUOTES, 'UTF-8'); + $sFilename = utils::EscapeHtml($this->Get('filename')); $oTargetSearch = new DBObjectSearch($sTargetObjectClass); $oTargetSearch->AddCondition('id', $iTargetObjectKey, '='); $oMonoObjectSet = new DBObjectSet($oTargetSearch); - if ($oMonoObjectSet->Count() > 0) - { + if ($oMonoObjectSet->Count() > 0) { $oAttachment = $oMonoObjectSet->Fetch(); $oDoc = $oAttachment->Get('contents'); $sPreview = $oDoc->IsPreviewAvailable() ? 'data-preview="true"' : ''; @@ -739,7 +738,7 @@ class CMDBChangeOpAttachmentRemoved extends CMDBChangeOp { // Temporary, until we change the options of GetDescription() -needs a more global revision $sResult = Dict::Format('Attachments:History_File_Removed', - ''.htmlentities($this->Get('filename'), ENT_QUOTES, 'UTF-8').''); + ''.utils::EscapeHtml($this->Get('filename')).''); return $sResult; } diff --git a/datamodels/2.x/itop-config/config.php b/datamodels/2.x/itop-config/config.php index eca3dba63..3db15541b 100644 --- a/datamodels/2.x/itop-config/config.php +++ b/datamodels/2.x/itop-config/config.php 
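Review bot: `echo utils::EscapeHtml($e->GetMessage());` still returns the raw exception message to the client; the escaping closes the XSS vector the comment refers to, but the message itself can carry internal detail (file paths, query text) that only the log needs. Since `IssueLog::Error($e->getMessage());` already records it, a generic user-facing string here would be the safer response, with the detail left in the log. The same pattern is in the catch blocks of pages/ajax.document.php and pages/ajax.render.php in this commit.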
@@ -170,7 +170,8 @@ try { $iEditorTopMargin += 5*$iWarnings; $sOriginalConfig = str_replace("\r\n", "\n", file_get_contents($sConfigFile)); - } catch (Exception $e) { + } + catch (Exception $e) { $oAlert = AlertUIBlockFactory::MakeForDanger('', $e->getMessage()); $iEditorTopMargin += 5; $oP->AddUiBlock($oAlert); @@ -180,8 +181,8 @@ try { } - $sConfigEscaped = htmlentities($sConfig, ENT_QUOTES, 'UTF-8'); - $sOriginalConfigEscaped = htmlentities($sOriginalConfig, ENT_QUOTES, 'UTF-8'); + $sConfigEscaped = utils::EscapeHtml($sConfig); + $sOriginalConfigEscaped = utils::EscapeHtml($sOriginalConfig); $oP->AddUiBlock(new Html('
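Review bot: The brace style applied here goes the other way from the rest of the commit: this hunk splits `} catch (Exception $e) {` into `}` and `catch (Exception $e) {` on separate lines, while pages/ajax.render.php and pages/ajax.searchform.php in the same commit join `}` and `catch` onto one line. Pick one form (the K&R `} catch (Exception $e) {` matches the `} else {` rewrites elsewhere) so the formatter does not flip it back next time.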

    '.Dict::S('config-edit-intro').'

    ')); $oForm = new Form(); diff --git a/datamodels/2.x/itop-hub-connector/land.php b/datamodels/2.x/itop-hub-connector/land.php index ed4a32264..8129422fd 100644 --- a/datamodels/2.x/itop-hub-connector/land.php +++ b/datamodels/2.x/itop-hub-connector/land.php @@ -36,11 +36,11 @@ function DisplayStatus(WebPage $oPage) $sCode = $oExtension->sCode; $sDir = basename($oExtension->sSourceDir); $oPage->add(' '); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    '); $oPage->add('

    '); if ($oExtension->sDescription != '') { - $oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'
    '); + $oPage->add(utils::EscapeHtml($oExtension->sDescription).'
    '); } $oPage->add('

    '); $oPage->add('
    '); @@ -161,11 +161,11 @@ function DoInstall(WebPage $oPage) $oPage->add('
    '); $oPage->add(' '); $sTitle = Dict::Format('iTopHub:InstallationEffect:MissingDependencies_Details', implode(', ', $oExtension->aMissingDependencies)); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    '); $oPage->add('

    '); if ($oExtension->sDescription != '') { - $oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'
    '); + $oPage->add(utils::EscapeHtml($oExtension->sDescription).'
    '); } $oPage->add('

    '); $oPage->add('
    '); @@ -189,11 +189,11 @@ function DoInstall(WebPage $oPage) $sCode = $oExtension->sCode; $sDir = basename($oExtension->sSourceDir); $oPage->add(' '); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    '); $oPage->add('

    '); if ($oExtension->sDescription != '') { - $oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'
    '); + $oPage->add(utils::EscapeHtml($oExtension->sDescription).'
    '); } $oPage->add('

    '); $oPage->add('
    '); diff --git a/datamodels/2.x/itop-hub-connector/launch.php b/datamodels/2.x/itop-hub-connector/launch.php index e7fb355fe..629a7f0dd 100644 --- a/datamodels/2.x/itop-hub-connector/launch.php +++ b/datamodels/2.x/itop-hub-connector/launch.php @@ -282,7 +282,7 @@ try { $oPage = new NiceWebPage(''); $aDataToPost = MakeDataToPost($sTargetRoute); $oPage->add('
    '); - $oPage->add(''); + $oPage->add(''); $oPage->add_ready_script('$("#hub_launch_form").submit();'); break; @@ -333,7 +333,7 @@ HTML ); $sFormTarget = appUserPreferences::GetPref('itophub_open_in_new_window', 1) ? 'target="_blank"' : ''; $oPage->add(''); - $oPage->add(''); + $oPage->add(''); // $sNewWindowChecked = appUserPreferences::GetPref('itophub_open_in_new_window', 1) == 1 ? 'checked' : ''; // $oPage->add('


    '); diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php index 0acdfd0be..dca04b01e 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php @@ -1235,12 +1235,12 @@ class ObjectController extends BrickController $oAttachment->Set('contents', $oDocument); $iAttId = $oAttachment->DBInsert(); - $aData['msg'] = htmlentities($oDocument->GetFileName(), ENT_QUOTES, 'UTF-8'); + $aData['msg'] = utils::EscapeHtml($oDocument->GetFileName()); $aData['icon'] = utils::GetAbsoluteUrlAppRoot().'env-'.utils::GetCurrentEnvironment().'/itop-attachments/icons/icons8-image-file.svg'; // Checking if the instance has attachments if (class_exists('AttachmentPlugIn')) { - $aData['icon'] = utils::GetAbsoluteUrlAppRoot() . AttachmentPlugIn::GetFileIcon($oDocument->GetFileName()); + $aData['icon'] = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($oDocument->GetFileName()); } $aData['att_id'] = $iAttId; diff --git a/datamodels/2.x/itop-portal-base/portal/src/Helper/ApplicationHelper.php b/datamodels/2.x/itop-portal-base/portal/src/Helper/ApplicationHelper.php index 605af8efa..f2c07bfcd 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Helper/ApplicationHelper.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Helper/ApplicationHelper.php @@ -324,10 +324,9 @@ class ApplicationHelper if (substr($sFieldsetName, 0, 1) !== '_') { $sFieldsetHTML = "\t\t

    \n"; - $sFieldsetHTML .= "\t\t\t".htmlentities(Dict::S($sFieldsetName), ENT_QUOTES, 'UTF-8')."\n"; + $sFieldsetHTML .= "\t\t\t".utils::EscapeHtml(Dict::S($sFieldsetName))."\n"; - foreach ($aAttCodes as $sAttCode) - { + foreach ($aAttCodes as $sAttCode) { $sFieldsetHTML .= "\t\t\t
    \n"; } diff --git a/pages/UI.php b/pages/UI.php index c7db22ca0..d479ea8bc 100644 --- a/pages/UI.php +++ b/pages/UI.php @@ -632,17 +632,17 @@ try $oP->SetBreadCrumbEntry($sPageId, $sLabel, $sDescription, '', 'fas fa-search', iTopWebPage::ENUM_BREADCRUMB_ENTRY_ICON_TYPE_CSS_CLASSES); $oP->add("
    \n"); $oP->add("
    \n"); - $oP->add(' '.Dict::Format('UI:Search:Ongoing', htmlentities($sFullText, ENT_QUOTES, 'UTF-8')).''); + $oP->add(' '.Dict::Format('UI:Search:Ongoing', utils::EscapeHtml($sFullText)).''); $oP->add("
    \n"); $oP->add("
    \n"); $oP->add("
     
    \n"); - $oP->add("

    ".Dict::Format('UI:FullTextSearchTitle_Text', htmlentities($sFullText, ENT_QUOTES, 'UTF-8'))."

    "); + $oP->add("

    ".Dict::Format('UI:FullTextSearchTitle_Text', utils::EscapeHtml($sFullText))."

    "); $oP->add("
    \n"); $oP->add("
    \n"); $sJSClass = addslashes($sClassName); $sJSNeedles = json_encode($aFullTextNeedles); $oP->add_ready_script( -<<UpdateContextFromUser(); $aSelectedObj = utils::ReadMultipleSelection($oFullSetFilter); $sCancelUrl = "./UI.php?operation=search&filter=".urlencode($sFilter)."&".$oAppContext->GetForLink(); - $aContext = array('filter' => htmlentities($sFilter, ENT_QUOTES, 'UTF-8')); + $aContext = array('filter' => utils::EscapeHtml($sFilter)); cmdbAbstractObject::DisplayBulkModifyForm($oP, $sClass, $aSelectedObj, 'preview_or_modify_all', $sCancelUrl, array(), $aContext); } @@ -1986,7 +1986,7 @@ class UI $aSelectedObj = explode(',', $sSelectedObj); $sCancelUrl = "./UI.php?operation=search&filter=".urlencode($sFilter)."&".$oAppContext->GetForLink(); $aContext = array( - 'filter' => htmlentities($sFilter, ENT_QUOTES, 'UTF-8'), + 'filter' => utils::EscapeHtml($sFilter), 'selectObj' => $sSelectedObj, ); cmdbAbstractObject::DoBulkModify($oP, $sClass, $aSelectedObj, 'preview_or_modify_all', $bPreview, $sCancelUrl, $aContext); diff --git a/pages/ajax.csvimport.php b/pages/ajax.csvimport.php index f3a7de2e7..7b1187593 100644 --- a/pages/ajax.csvimport.php +++ b/pages/ajax.csvimport.php @@ -238,7 +238,7 @@ try if (($bFirstLineAsHeader) && ($index == 1)) { $aColumns[] = ["label" => sprintf($sFormat, $index)]; foreach ($aRow as $sCell) { - $aColumns[] = ["label" => htmlentities($sCell, ENT_QUOTES, 'UTF-8')]; + $aColumns[] = ["label" => utils::EscapeHtml($sCell)]; } $iNbCols = count($aRow); } else { @@ -248,7 +248,7 @@ try } $aTableRow[] = sprintf($sFormat, $index); foreach ($aRow as $sCell) { - $aTableRow[] = htmlentities($sCell, ENT_QUOTES, 'UTF-8'); + $aTableRow[] = utils::EscapeHtml($sCell); } $aTableData[$index] = $aTableRow; } 
@@ -322,8 +322,8 @@ try $aTableRow['HeaderFields'] = utils::HtmlEntities($sField); $aTableRow['HeaderMapipngs'] = BlockRenderer::RenderBlockTemplates(GetMappingForField($sClassName, $sField, $index, $bAdvanced, $sDefaultChoice)); $aTableRow['HeaderSearch'] = ''; - $aTableRow['DataLine1'] = (isset($aData[$iStartLine][$index - 1]) ? htmlentities($aData[$iStartLine][$index - 1], ENT_QUOTES, 'UTF-8') : ' '); - $aTableRow['DataLine2'] = (isset($aData[$iStartLine + 1][$index - 1]) ? htmlentities($aData[$iStartLine + 1][$index - 1], ENT_QUOTES, 'UTF-8') : ' '); + $aTableRow['DataLine1'] = (isset($aData[$iStartLine][$index - 1]) ? utils::EscapeHtml($aData[$iStartLine][$index - 1]) : ' '); + $aTableRow['DataLine2'] = (isset($aData[$iStartLine + 1][$index - 1]) ? utils::EscapeHtml($aData[$iStartLine + 1][$index - 1]) : ' '); $aTableData[$index] = $aTableRow; $index++; } diff --git a/pages/ajax.document.php b/pages/ajax.document.php index 9257b0a26..3706532ba 100644 --- a/pages/ajax.document.php +++ b/pages/ajax.document.php @@ -107,7 +107,7 @@ try catch (Exception $e) { // note: transform to cope with XSS attacks - echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8'); + echo utils::EscapeHtml($e->GetMessage()); IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); } diff --git a/pages/ajax.render.php b/pages/ajax.render.php index 72d2f942e..936384cc4 100644 --- a/pages/ajax.render.php +++ b/pages/ajax.render.php @@ -1439,7 +1439,7 @@ EOF; $sEnlargeButton = ''; if ($bEnableEnlarge) { - $sEnlargeButton = " "; + $sEnlargeButton = " "; } if ($oSet->Count() > 0) { 
@@ -2229,17 +2229,16 @@ EOF $iAttId = $oAttachment->DBInsert(); $aResult['uploaded'] = 1; - $aResult['msg'] = htmlentities($oDoc->GetFileName(), ENT_QUOTES, 'UTF-8'); + $aResult['msg'] = utils::EscapeHtml($oDoc->GetFileName()); $aResult['fileName'] = $oDoc->GetFileName(); $aResult['url'] = utils::GetAbsoluteUrlAppRoot().INLINEIMAGE_DOWNLOAD_URL.$iAttId.'&s='.$oAttachment->Get('secret'); - if (is_array($aDimensions)) - { + if (is_array($aDimensions)) { $aResult['width'] = $aDimensions['width']; $aResult['height'] = $aDimensions['height']; } - IssueLog::Trace('InlineImage created', LogChannels::INLINE_IMAGE, array( - '$operation' => $operation, + IssueLog::Trace('InlineImage created', LogChannels::INLINE_IMAGE, array( + '$operation' => $operation, '$aResult' => $aResult, 'secret' => $oAttachment->Get('secret'), 'temp_id' => $sTempId, @@ -2432,9 +2431,8 @@ EOF while ($oAttachment = $oSet->Fetch()) { $oDoc = $oAttachment->Get('contents'); - if ($oDoc->GetMainMimeType() == 'image') - { - $sDocName = addslashes(htmlentities($oDoc->GetFileName(), ENT_QUOTES, 'UTF-8')); + if ($oDoc->GetMainMimeType() == 'image') { + $sDocName = addslashes(utils::EscapeHtml($oDoc->GetFileName())); $iAttId = $oAttachment->GetKey(); $sSecret = $oAttachment->Get('secret'); $oPage->add("
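Review bot: In the `@@ -2229` hunk of pages/ajax.render.php the re-indented `IssueLog::Trace('InlineImage created', ...)` call still logs `'secret' => $oAttachment->Get('secret')`, and `$aResult['url']` carries the same value again in its `&s=` parameter, so the token that gates download of the new attachment is written to the trace log twice. Logs are usually readable by more people than the attachment is, so I would drop the `'secret'` entry and log `$iAttId` instead, with the URL recoverable from it. A smaller point on the same lines: `$aResult['msg']` is HTML-escaped while `$aResult['fileName']` is raw, so the JSON consumer has to remember which field is safe for which context; a short comment on each field stating that would help. The enclosing function starts outside the hunk.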
    \"$sDocName\"
    "); @@ -2667,9 +2665,8 @@ EOF } $oKPI->ComputeAndReport('Data fetch and format'); $oPage->output(); -} catch (Exception $e) -{ +} catch (Exception $e) { // note: transform to cope with XSS attacks - echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8'); + echo utils::EscapeHtml($e->GetMessage()); IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); } diff --git a/pages/ajax.searchform.php b/pages/ajax.searchform.php index c63815c1e..82ba670bf 100644 --- a/pages/ajax.searchform.php +++ b/pages/ajax.searchform.php @@ -94,41 +94,33 @@ try $oCollapsible = CollapsibleSectionUIBlockFactory::MakeStandard(Dict::S('UI:RunQuery:MoreInfo')); $oPage->AddSubBlock($oCollapsible); - $oHtml = new Html(Dict::S('UI:RunQuery:DevelopedQuery').htmlentities($oFilter->ToOQL(), ENT_QUOTES, 'UTF-8')); + $oHtml = new Html(Dict::S('UI:RunQuery:DevelopedQuery').utils::EscapeHtml($oFilter->ToOQL())); $oCollapsible->AddSubBlock($oHtml); - - /*$oPage->StartCollapsibleSection(Dict::S('UI:RunQuery:MoreInfo'), false, 'SearchQuery'); - $oPage->p(Dict::S('UI:RunQuery:DevelopedQuery').htmlentities($oFilter->ToOQL(), ENT_QUOTES, 'UTF-8')); - $oPage->EndCollapsibleSection();*/ } $oPage->output(); -} catch (AjaxSearchException $e) -{ +} catch (AjaxSearchException $e) { http_response_code($e->getCode()); // note: transform to cope with XSS attacks - echo '
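Review bot: In the `@@ -2432` hunk of pages/ajax.render.php `$sDocName = addslashes(utils::EscapeHtml($oDoc->GetFileName()))` relies on `addslashes()` to make a file name safe inside the quoted string that the following `$oPage->add("...\"$sDocName\"...")` emits; `addslashes` only prefixes quotes, backslashes and NUL, so if that string is consumed as JavaScript (the `\"` quoting suggests it is) a name containing a newline, U+2028 or a closing-tag sequence still breaks out of it. For a JS-string context prefer `json_encode($sName, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and apply `utils::EscapeHtml` separately only where the value lands in markup. The same `addslashes(utils::EscapeHtml(...))` pattern is on the new side of setup/wizardsteps.class.inc.php `@@ -2459` (`$sMessage`), feeding `add_ready_script`. The enclosing `while` loop continues outside the hunk.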
    ' . htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8') . '
    '; + echo '
    '.utils::EscapeHtml($e->GetMessage()).'
    '; IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); -} catch (SecurityException $e) -{ +} catch (SecurityException $e) { http_response_code(403); // note: transform to cope with XSS attacks - echo '
    ' . htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8') . '
    '; + echo '
    '.utils::EscapeHtml($e->GetMessage()).'
    '; IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); -} catch (MySQLException $e) -{ +} catch (MySQLException $e) { http_response_code(500); // Sanytize error: $sMsg = $e->GetMessage(); $sMsg = preg_replace("@^.* mysql_error = @", '', $sMsg); // note: transform to cope with XSS attacks - echo '
    '.htmlentities($sMsg, ENT_QUOTES, 'utf-8').'
    '; + echo '
    '.utils::EscapeHtml($sMsg).'
    '; IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); -} catch (Exception $e) -{ +} catch (Exception $e) { http_response_code(500); // note: transform to cope with XSS attacks - echo '
    ' . htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8') . '
    '; + echo '
    '.utils::EscapeHtml($e->GetMessage()).'
    '; IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString()); } \ No newline at end of file diff --git a/pages/csvimport.php b/pages/csvimport.php index 5c58d66bf..31b3e968d 100644 --- a/pages/csvimport.php +++ b/pages/csvimport.php @@ -374,7 +374,7 @@ try { ); $oBulk->SetReportHtml(); - $oPage->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", htmlentities($sCSVDataTruncated, ENT_QUOTES, 'UTF-8'), "csvdata_truncated")); + $oPage->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", utils::EscapeHtml($sCSVDataTruncated), "csvdata_truncated")); $aRes = $oBulk->Process($oMyChange); $aColumns = []; 
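Review bot: In the `@@ -374` hunk of pages/csvimport.php the value handed to `InputUIBlockFactory::MakeForHidden("csvdata_truncated", utils::EscapeHtml($sCSVDataTruncated), ...)` is HTML-escaped by the caller, but in the `@@ -527` hunk the same factory receives `$sEncoding`, `$sSynchroScope` and `$sClassName` raw. Either the factory escapes the attribute value itself — then the pre-escaped CSV payload is double-encoded and a value containing `&` may come back altered on the next wizard step — or it does not, and the raw parameters are unescaped attribute content. The factory is outside this diff so I cannot tell which, but one convention should be chosen and applied to every hidden input here; the same mix recurs in `@@ -527`, `@@ -882`, `@@ -1340` and `@@ -1530`, and the `new TextArea("", utils::EscapeHtml(implode("\n", $aResult)), ...)` in `@@ -791` raises the same question for that widget. The enclosing `try` block starts outside the hunk.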
@@ -527,19 +527,19 @@ try { $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("transaction_id", utils::GetNewTransactionId())); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("step", ($iCurrentStep + 1))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", htmlentities($sSeparator, ENT_QUOTES, 'UTF-8'))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", htmlentities($sTextQualifier, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", utils::EscapeHtml($sSeparator))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", utils::EscapeHtml($sTextQualifier))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("header_line", $bHeaderLine)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("nb_skipped_lines", utils::ReadParam('nb_skipped_lines', '0'))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("box_skiplines", utils::ReadParam('box_skiplines', '0'))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", htmlentities($sCSVDataTruncated, ENT_QUOTES, 'UTF-8'), "csvdata_truncated")); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", htmlentities($sCSVData, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", utils::EscapeHtml($sCSVDataTruncated), "csvdata_truncated")); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", utils::EscapeHtml($sCSVData))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("encoding", $sEncoding)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("synchro_scope", $sSynchroScope)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("class_name", $sClassName)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("advanced", $bAdvanced)); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", htmlentities($sDateTimeFormat, ENT_QUOTES, 'UTF-8'))); - 
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", htmlentities($sCustomDateTimeFormat, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", utils::EscapeHtml($sDateTimeFormat))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", utils::EscapeHtml($sCustomDateTimeFormat))); if (!empty($sSynchroScope)) { foreach ($aSynchroUpdate as $sKey => $value) { @@ -644,7 +644,7 @@ try { $oDlg = UIContentBlockUIBlockFactory::MakeStandard("dlg_confirmation")->SetHasForcedDiv(true); $oPage->AddSubBlock($oDlg); $oDlg->AddSubBlock(new Html($sMessage)); - $oDlg->AddSubBlock(new Html(htmlentities(Dict::S('UI:CSVImportConfirmMessage'), ENT_QUOTES, 'UTF-8'))); + $oDlg->AddSubBlock(new Html(utils::EscapeHtml(Dict::S('UI:CSVImportConfirmMessage')))); $oDlgConfirm = UIContentBlockUIBlockFactory::MakeStandard("confirmation_chart")->SetHasForcedDiv(true); $oDlg->AddSubBlock($oDlgConfirm); @@ -791,7 +791,7 @@ EOF $oField = FieldUIBlockFactory::MakeLarge(Dict::S('UI:CSVImport:LinesNotImported+')); $oCollapsibleSection->AddSubBlock($oField); - $oText = new TextArea("", htmlentities(implode("\n", $aResult), ENT_QUOTES, 'UTF-8'), "", 150, 50); + $oText = new TextArea("", utils::EscapeHtml(implode("\n", $aResult)), "", 150, 50); $oField->AddSubBlock($oText); } } 
@@ -882,17 +882,17 @@ EOF $oForm->AddSubBlock($oDivMapping); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("step", "4")); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", htmlentities($sSeparator, ENT_QUOTES, 'UTF-8'))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", htmlentities($sTextQualifier, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", utils::EscapeHtml($sSeparator))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", utils::EscapeHtml($sTextQualifier))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("header_line", $bHeaderLine)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("nb_skipped_lines", utils::ReadParam('nb_skipped_lines', '0'))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("box_skiplines", utils::ReadParam('box_skiplines', '0'))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", htmlentities($sCSVDataTruncated, ENT_QUOTES, 'UTF-8'), "csvdata_truncated")); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", htmlentities($sCSVData, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", utils::EscapeHtml($sCSVDataTruncated), "csvdata_truncated")); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", utils::EscapeHtml($sCSVData))); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("encoding", $sEncoding)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("synchro_scope", $sSynchroScope)); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", htmlentities($sDateTimeFormat, ENT_QUOTES, 'UTF-8'))); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", htmlentities($sCustomDateTimeFormat, ENT_QUOTES, 'UTF-8'))); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", utils::EscapeHtml($sDateTimeFormat))); + 
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", utils::EscapeHtml($sCustomDateTimeFormat))); if (!empty($sSynchroScope)) { foreach ($aSynchroUpdate as $sKey => $value) { @@ -1259,10 +1259,10 @@ EOF $sSeparator = "tab"; } $sOtherSeparator = in_array($sSeparator, array(',', ';', "\t")) ? '' : $sSeparator; - $aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' '; + $aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' '; foreach ($aSep as $sVal => $sLabel) { - $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", htmlentities($sVal, ENT_QUOTES, 'UTF-8'), $sLabel, "radio"); + $oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", utils::EscapeHtml($sVal), $sLabel, "radio"); $oRadio->GetInput()->SetIsChecked(($sVal == $sSeparator)); $oRadio->SetBeforeInput(false); $oRadio->GetInput()->AddCSSClass('ibo-input--label-right'); @@ -1277,13 +1277,12 @@ EOF $oMulticolumn->AddColumn(ColumnUIBlockFactory::MakeForBlock($oFieldSetTextQualifier)); $aQualifiers = array( - '"' => Dict::S('UI:CSVImport:QualifierDoubleQuote+'), + '"' => Dict::S('UI:CSVImport:QualifierDoubleQuote+'), '\'' => Dict::S('UI:CSVImport:QualifierSimpleQuote+'), ); - $aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' + $aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' GetInput()->SetIsChecked(($sVal == $sTextQualifier)); $oRadio->SetBeforeInput(false); $oRadio->GetInput()->AddCSSClass('ibo-input-checkbox'); 
@@ -1320,8 +1319,8 @@ EOF $sDateTimeFormat = utils::ReadParam('date_time_format', 'default'); $sCustomDateTimeFormat = utils::ReadParam('custom_date_time_format', (string)AttributeDateTime::GetFormat(), false, 'raw_data'); - $sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8'); - $sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8'); + $sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat()); + $sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat())); $oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('UI:CSVImport:DefaultDateTimeFormat_Format_Example', $sDefaultFormat, $sExample), "date_time_format", "default", "radio_date_time_std", "radio"); $oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat())); $oRadioDefault->SetBeforeInput(false); @@ -1329,7 +1328,7 @@ EOF $oFieldSetDate->AddSubBlock($oRadioDefault); $oFieldSetDate->AddSubBlock(new Html('
    ')); - $sFormatInput = ''; + $sFormatInput = ''; $oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('UI:CSVImport:CustomDateTimeFormat', $sFormatInput), "date_time_format", "custom", "radio_date_time_custom", "radio"); $oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip')); $oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat()); @@ -1340,8 +1339,8 @@ EOF $oPage->add_ready_script("$('#custom_date_time_format').on('click', function() { DoPreview(); });"); $oPage->add_ready_script("$('#radio_date_time_std').on('click', function() { DoPreview(); });"); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", htmlentities($sCSVDataTruncated, ENT_QUOTES, 'UTF-8'), "csvdata_truncated")); - $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", htmlentities($sUTF8Data, ENT_QUOTES, 'UTF-8'), 'csvdata')); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata_truncated", utils::EscapeHtml($sCSVDataTruncated), "csvdata_truncated")); + $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("csvdata", utils::EscapeHtml($sUTF8Data), 'csvdata')); // The encoding has changed, keep that information within the wizard $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("encoding", "UTF-8")); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("class_name", $sClassName)); 
@@ -1530,10 +1529,10 @@ EOF $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("encoding", 'UTF-8')); $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("step", '2')); - $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", htmlentities($sSeparator, ENT_QUOTES, 'UTF-8'))); - $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", htmlentities($sTextQualifier, ENT_QUOTES, 'UTF-8'))); - $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", htmlentities($sDateTimeFormat, ENT_QUOTES, 'UTF-8'))); - $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", htmlentities($sCustomDateTimeFormat, ENT_QUOTES, 'UTF-8'))); + $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("separator", utils::EscapeHtml($sSeparator))); + $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("text_qualifier", utils::EscapeHtml($sTextQualifier))); + $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", utils::EscapeHtml($sDateTimeFormat))); + $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", utils::EscapeHtml($sCustomDateTimeFormat))); $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("header_line", $bHeaderLine)); $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("nb_skipped_lines", utils::ReadParam('nb_skipped_lines', '0'))); $oFormPaste->AddSubBlock(InputUIBlockFactory::MakeForHidden("box_skiplines", utils::ReadParam('box_skiplines', '0'))); diff --git a/setup/modelfactory.class.inc.php b/setup/modelfactory.class.inc.php index 0b03e8028..611dde03f 100644 --- a/setup/modelfactory.class.inc.php +++ b/setup/modelfactory.class.inc.php @@ -1822,7 +1822,7 @@ EOF; echo " \n"; echo " \n"; echo "

    DOM - Original values

    \n"; - echo "
    ".htmlentities($sDOMOriginal)."
    \n"; + echo "
    ".utils::EscapeHtml($sDOMOriginal)."
    \n"; echo " \n"; echo " ⇒ ⇒ ⇒\n"; echo " \n"; @@ -1830,17 +1830,17 @@ EOF; echo " \n"; echo " \n"; echo "

    DOM - Altered with various changes

    \n"; - echo "
    ".htmlentities($sDOMModified)."
    \n"; + echo "
    ".utils::EscapeHtml($sDOMModified)."
    \n"; echo " \n"; echo " \n"; echo "

    DOM - Rebuilt from the Delta

    \n"; - echo "
    ".htmlentities($sDOMRebuilt)."
    \n"; + echo "
    ".utils::EscapeHtml($sDOMRebuilt)."
    \n"; echo " \n"; echo " \n"; echo "
    \n"; echo " \n"; echo "

    Delta (Computed by ModelFactory)

    \n"; - echo "
    ".htmlentities($sDeltaXML)."
    \n"; + echo "
    ".utils::EscapeHtml($sDeltaXML)."
    \n"; echo " \n"; echo " ⇒ ⇒ ⇒\n"; echo " \n"; diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php index 093f9f8ce..725214e0c 100644 --- a/setup/setuputils.class.inc.php +++ b/setup/setuputils.class.inc.php @@ -1020,23 +1020,21 @@ class SetupUtils //-- DB connection params $oPage->add(''); - $oPage->add('Server Name:'); - $oPage->add('Login:'); + $oPage->add('Login:'); - $oPage->add('Password:'); + $oPage->add('Password:'); $oPage->add(''); //-- TLS params (N°1260) $sTlsEnabledChecked = $bTlsEnabled ? ' checked' : ''; - $sTlsCaDisabled = $bTlsEnabled ? '' : ' disabled'; + $sTlsCaDisabled = $bTlsEnabled ? '' : ' disabled'; $oPage->add('
    '); $oPage->add(''); $oPage->add(''); $oPage->add(''); $oPage->add(''); $oPage->add('
    '); @@ -1047,22 +1045,18 @@ class SetupUtils $oPage->add(''); $oPage->add('
    Database'); $oPage->add(''); - if ($bIsItopInstall) - { + if ($bIsItopInstall) { $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add(''); - $oPage->add(''); - } - else - { - $oPage->add(''); + $oPage->add(''); + } else { + $oPage->add(''); } $oPage->add('
    Database Name:
    Database Name:
    '); $oPage->add('
    '); $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    '); $oPage->add('
    '); $oPage->add(''); @@ -1476,23 +1470,18 @@ JS } } - if ($checks['databases'] == null) - { - $sDBNameInput = ''; + if ($checks['databases'] == null) { + $sDBNameInput = ''; $oPage->add_ready_script( -<<Error:Not enough rights to enumerate the databases
'); JS ); - } - else - { + } else { $sDBNameInput = '
'; diff --git a/setup/wizardcontroller.class.inc.php b/setup/wizardcontroller.class.inc.php index 7275a115f..ca4664323 100644 --- a/setup/wizardcontroller.class.inc.php +++ b/setup/wizardcontroller.class.inc.php @@ -201,25 +201,22 @@ HTML; $oPage->add('
'); $oStep->Display($oPage); $oPage->add('
'); - + // Add the back / next buttons and the hidden form // to store the parameters $oPage->add(''); $oPage->add(''); - foreach($this->aParameters as $sCode => $value) - { - $oPage->add(''); + foreach ($this->aParameters as $sCode => $value) { + $oPage->add(''); } - $oPage->add(''); + $oPage->add(''); $oPage->add(''); - if ((count($this->aSteps) > 0) && ($oStep->CanMoveBackward())) - { + if ((count($this->aSteps) > 0) && ($oStep->CanMoveBackward())) { $oPage->add(''); } - if ($oStep->CanMoveForward()) - { - $oPage->add(''); + if ($oStep->CanMoveForward()) { + $oPage->add(''); } $oPage->add('
'); $oPage->add(""); diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php index d01d7aab2..681cd0b55 100644 --- a/setup/wizardsteps.class.inc.php +++ b/setup/wizardsteps.class.inc.php @@ -304,13 +304,10 @@ HTML $sChecked = ($bCanBackup && $bDBBackup) ? ' checked ' : ''; $sDisabled = $bCanBackup ? '' : ' disabled '; $oPage->add(''); - $oPage->add('
Save the backup to:
'); + $oPage->add('
Save the backup to:
'); $fFreeSpace = SetupUtils::CheckDiskSpace($sDBBackupPath); $sMessage = ''; - if ($fFreeSpace !== false) - { + if ($fFreeSpace !== false) { $sMessage .= SetupUtils::HumanReadableSize($fFreeSpace).' free in '.dirname($sDBBackupPath); } $oPage->add($sMySQLDumpMessage.''.$sMessage.''); @@ -332,17 +329,16 @@ JS switch($sCode) { case 'check_path': - $sPreviousVersionDir = $aParameters['previous_version_dir']; - $aPreviousInstance = SetupUtils::GetPreviousInstance($sPreviousVersionDir); - if ($aPreviousInstance['found']) - { - $sDBServer = htmlentities($aPreviousInstance['db_server'], ENT_QUOTES, 'UTF-8'); - $sDBUser = htmlentities($aPreviousInstance['db_user'], ENT_QUOTES, 'UTF-8'); - $sDBPwd = htmlentities($aPreviousInstance['db_pwd'], ENT_QUOTES, 'UTF-8'); - $sDBName = htmlentities($aPreviousInstance['db_name'], ENT_QUOTES, 'UTF-8'); - $sDBPrefix = htmlentities($aPreviousInstance['db_prefix'], ENT_QUOTES, 'UTF-8'); - $oPage->add_ready_script( -<<add_ready_script( + <<add_ready_script( -<<add_ready_script( + <<add_ready_script( -<<add_ready_script( + << 0) || (count($aChanges['removed']) > 0) || (count($aChanges['modified']) > 0)) ) - { + if (($aChanges !== false) && ( (count($aChanges['added']) > 0) || (count($aChanges['removed']) > 0) || (count($aChanges['modified']) > 0)) ) { // Some changes were detected, prompt the user to keep or discard them $oPage->p(" Some modifications were detected between the ".ITOP_APPLICATION." version in '$sPreviousVersionDir' and a genuine $sInstalledVersion version."); $oPage->p("What do you want to do?"); 
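Review bot: In the `@@ -332` hunk of setup/wizardsteps.class.inc.php the removed lines escaped `db_server`, `db_user`, `db_pwd`, `db_name` and `db_prefix` from `SetupUtils::GetPreviousInstance()` before interpolating them into the `add_ready_script` heredoc, and the replacement heredoc is not legible in this view (its body was stripped together with the end of the hunk), so I cannot confirm the new side still escapes them. These values are read from a previous installation's configuration and written into a JavaScript block, so each should go through `json_encode(...)` rather than HTML entity encoding (which is the wrong escaper for that context) or raw interpolation; please confirm what the new heredoc does with them. The enclosing `switch` starts outside the hunk and the hunk's end is not visible here.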
@@ -558,41 +550,36 @@ EOF $sChecked = ($this->oWizard->GetParameter('upgrade_type') == 'keep-previous') ? ' checked ' : ''; $sDisabled = (count($aErrors) > 0) ? ' disabled ' : ''; - $oPage->p(''); - $oPage->add(''); + $oPage->p(''); + $oPage->add(''); - $oPage->add(''); + $oPage->add(''); - if (count($aErrors) > 0) - { + if (count($aErrors) > 0) { $oPage->p("Cannot copy the installed version due to the following access rights issue(s):"); - foreach($aErrors as $sDir => $oCheckResult) - { + foreach ($aErrors as $sDir => $oCheckResult) { $oPage->p(' '.$oCheckResult->sLabel); } } $sChecked = ($this->oWizard->GetParameter('upgrade_type') == 'use-compatible') ? ' checked ' : ''; - $oPage->p(''); + $oPage->p(''); - $oPage->add(''); - $oPage->add(''); + $oPage->add(''); + $oPage->add(''); $oPage->add('
Details of the modifications
'); - if (count($aChanges['added']) > 0) - { + if (count($aChanges['added']) > 0) { $oPage->add('
    New files added:'); - foreach($aChanges['added'] as $sFilePath => $void) - { + foreach ($aChanges['added'] as $sFilePath => $void) { $oPage->add('
  • '.$sFilePath.'
  • '); } $oPage->add('
'); } - if (count($aChanges['removed']) > 0) - { + if (count($aChanges['removed']) > 0) { $oPage->add('
    Deleted files:'); - foreach($aChanges['removed'] as $sFilePath => $void) + foreach ($aChanges['removed'] as $sFilePath => $void) { $oPage->add('
  • '.$sFilePath.'
  • '); } @@ -917,9 +904,9 @@ class WizStepAdminAccount extends WizardStep $oPage->add('
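Review bot: In the `@@ -558` hunk of setup/wizardsteps.class.inc.php the reformatted `foreach ($aChanges['added'] as $sFilePath => $void)` and `foreach ($aChanges['removed'] ...)` loops still emit `$sFilePath` into the page unescaped (`$oPage->add('• '.$sFilePath.'• ')`), while the rest of this commit is about routing such values through `utils::EscapeHtml`. The paths come from a scan of a previous installation directory, so the exposure is small, but `'• '.utils::EscapeHtml($sFilePath).'• '` costs nothing and keeps the rule uniform. The same applies to `$sKey` and `$sValue` in the `@@ -2295` hunk of WizStepSummary. The enclosing method starts outside the hunk.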
    '); $oPage->add('Administrator Account'); $oPage->add(''); - $oPage->add(''); - $oPage->add(''); - $oPage->add(''); + $oPage->add(''); + $oPage->add(''); + $oPage->add(''); $sSourceDir = APPROOT.'dictionaries/'; $aLanguages = SetupUtils::GetAvailableLanguages($sSourceDir); $oPage->add('
    Login:
    Password:
    Confirm password:
    Login:
    Password:
    Confirm password:
    Language: '); @@ -928,7 +915,7 @@ class WizStepAdminAccount extends WizardStep $oPage->add('
    '); $oPage->add('
    '); $oPage->add_ready_script( -<<add('
    '); $oPage->add('Application URL'); $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    URL:
    URL:
    '); $oPage->add('
    Change the value above if the end-users will be accessing the application by another path due to a specific configuration of the web server.
    '); $oPage->add('
    '); $oPage->add('
    '); $oPage->add('Path to Graphviz\' dot application'); $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add(''); $oPage->add('
    Path:
    Path:
    '); $oPage->add(''); $oPage->add('
    '); $oPage->add('
    '); $oPage->add('Sample Data'); - $sChecked = ($sSampleData == 'yes') ? 'checked ' : ''; - $oPage->p('
    '); $sAuthentToken = $this->oWizard->GetParameter('authent', ''); $oPage->add(''); $oPage->add_ready_script( -<<add('
    '); $oPage->add('Application URL'); $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add('
    URL:
    URL:
    '); $oPage->add('
    Change the value above if the end-users will be accessing the application by another path due to a specific configuration of the web server.
    '); $oPage->add('
    '); $oPage->add('
    '); $oPage->add('Path to Graphviz\' dot application'); $oPage->add(''); - $oPage->add(''); + $oPage->add(''); $oPage->add(''); $oPage->add('
    Path:
    Path:
    '); $oPage->add(''); @@ -1212,7 +1199,7 @@ class WizStepUpgradeMiscParams extends AbstractWizStepMiscParams $sAuthentToken = $this->oWizard->GetParameter('authent', ''); $oPage->add(''); $oPage->add_ready_script( -<< $aChoice) - { + foreach ($aOptions as $index => $aChoice) { $sAttributes = ''; $sChoiceId = $sParentId.self::$SEP.$index; - $sDataId = 'data-id="'.htmlentities($aChoice['extension_code'], ENT_QUOTES, 'UTF-8').'"'; - $sId = htmlentities($aChoice['extension_code'], ENT_QUOTES, 'UTF-8'); + $sDataId = 'data-id="'.utils::EscapeHtml($aChoice['extension_code']).'"'; + $sId = utils::EscapeHtml($aChoice['extension_code']); $bIsDefault = array_key_exists($sChoiceId, $aDefaults); $bSelected = isset($aSelectedComponents[$sChoiceId]) && ($aSelectedComponents[$sChoiceId] == $sChoiceId); $bMandatory = (isset($aChoice['mandatory']) && $aChoice['mandatory']) || ($this->bUpgrade && $bIsDefault); $bDisabled = false; - if ($bMandatory) - { + if ($bMandatory) { $oPage->add('
     '); $bDisabled = true; - } - else if ($bSelected) - { + } else if ($bSelected) { $oPage->add('
     '); - } - else - { + } else { $oPage->add('
     '); } $this->DisplayChoice($oPage, $aChoice, $aSelectedComponents, $aDefaults, $sChoiceId, $bDisabled); @@ -2081,35 +2061,30 @@ EOF } } - if (!array_key_exists($sChoiceName, $aDefaults) || ($aDefaults[$sChoiceName] == $sChoiceIdNone)) - { + if (!array_key_exists($sChoiceName, $aDefaults) || ($aDefaults[$sChoiceName] == $sChoiceIdNone)) { // The "none" choice does not disable the selection !! $sDisabled = ''; $bDisabled = false; } - foreach($aAlternatives as $index => $aChoice) - { + foreach ($aAlternatives as $index => $aChoice) { $sAttributes = ''; $sChoiceId = $sParentId.self::$SEP.$index; - $sDataId = 'data-id="'.htmlentities($aChoice['extension_code'], ENT_QUOTES, 'UTF-8').'"'; - $sId = htmlentities($aChoice['extension_code'], ENT_QUOTES, 'UTF-8'); + $sDataId = 'data-id="'.utils::EscapeHtml($aChoice['extension_code']).'"'; + $sId = utils::EscapeHtml($aChoice['extension_code']); - if ($sChoiceName == null) - { + if ($sChoiceName == null) { $sChoiceName = $sChoiceId; // All radios share the same name } $bIsDefault = array_key_exists($sChoiceName, $aDefaults) && ($aDefaults[$sChoiceName] == $sChoiceId); $bSelected = isset($aSelectedComponents[$sChoiceName]) && ($aSelectedComponents[$sChoiceName] == $sChoiceId); - if ( !isset($aSelectedComponents[$sChoiceName]) && ($sChoiceIdNone != null)) - { + if (!isset($aSelectedComponents[$sChoiceName]) && ($sChoiceIdNone != null)) { // No choice selected, select the "None" option $bSelected = ($sChoiceId == $sChoiceIdNone); } $bMandatory = (isset($aChoice['mandatory']) && $aChoice['mandatory']) || ($this->bUpgrade && $bIsDefault); - if ($bSelected) - { + if ($bSelected) { $sAttributes = ' checked '; } $sHidden = ''; 
@@ -2129,12 +2104,11 @@ EOF { $sMoreInfo = (isset($aChoice['more_info']) && ($aChoice['more_info'] != '')) ? 'More information' : ''; $sSourceLabel = isset($aChoice['source_label']) ? $aChoice['source_label'] : ''; - $sId = htmlentities($aChoice['extension_code'], ENT_QUOTES, 'UTF-8'); - $oPage->add(' '.$sMoreInfo); - $sDescription = isset($aChoice['description']) ? htmlentities($aChoice['description'], ENT_QUOTES, 'UTF-8') : ''; + $sId = utils::EscapeHtml($aChoice['extension_code']); + $oPage->add(' '.$sMoreInfo); + $sDescription = isset($aChoice['description']) ? utils::EscapeHtml($aChoice['description']) : ''; $oPage->add('
    '.$sDescription.''); - if (isset($aChoice['sub_options'])) - { + if (isset($aChoice['sub_options'])) { $this->DisplayOptions($oPage, $aChoice['sub_options'], $aSelectedComponents, $aDefaults, $sChoiceId, $bDisabled); } $oPage->add('
    '); @@ -2295,8 +2269,7 @@ class WizStepSummary extends WizardStep if (count($aMiscOptions) > 0) { $oPage->add('
    Miscellaneous Options
      '); - foreach($aMiscOptions as $sKey => $sValue) - { + foreach ($aMiscOptions as $sKey => $sValue) { $oPage->add('
    • '.$sKey.': '.$sValue.'
    • '); } $oPage->add('
    '); @@ -2305,8 +2278,7 @@ class WizStepSummary extends WizardStep $aSelectedModules = $aInstallParams['selected_modules']; - if (isset($aMiscOptions['generate_config'])) - { + if (isset($aMiscOptions['generate_config'])) { $oDoc = new DOMDocument('1.0', 'UTF-8'); $oDoc->preserveWhiteSpace = false; $oDoc->formatOutput = true; @@ -2315,7 +2287,7 @@ class WizStepSummary extends WizardStep $oParams->ToXML($oDoc, null, 'installation'); $sXML = $oDoc->saveXML(); $oPage->add('
    XML Config file
      ');
      -			$oPage->add(htmlentities($sXML, ENT_QUOTES, 'UTF-8'));
      +			$oPage->add(utils::EscapeHtml($sXML));
       			$oPage->add('
    '); } @@ -2330,13 +2302,12 @@ class WizStepSummary extends WizardStep $oPage->add('
    '); $sJSONData = json_encode($aInstallParams); - $oPage->add(''); + $oPage->add(''); $sAuthentToken = $this->oWizard->GetParameter('authent', ''); $oPage->add(''); - if (!$this->CheckDependencies()) - { + if (!$this->CheckDependencies()) { $oPage->error($this->sDependencyIssue); } @@ -2459,12 +2430,11 @@ JS $oParameters->LoadFromHash(json_decode($sJSONParameters, true /* bAssoc */)); $oInstaller = new ApplicationInstaller($oParameters); $aRes = $oInstaller->ExecuteStep($sStep); - if (($aRes['status'] != ApplicationInstaller::ERROR) && ($aRes['next-step'] != '')) - { + if (($aRes['status'] != ApplicationInstaller::ERROR) && ($aRes['next-step'] != '')) { // Tell the web page to move the progress bar and to launch the next step - $sMessage = addslashes(htmlentities($aRes['next-step-label'], ENT_QUOTES, 'UTF-8')); + $sMessage = addslashes(utils::EscapeHtml($aRes['next-step-label'])); $oPage->add_ready_script( -<<add_ready_script( -<<', $sMessage); $oPage->add_ready_script( -<<oWizard->GetParameter('application_url').'pages/UI.php">'; - $sForm .= ''; - $sForm .= ''; + $sForm .= ''; + $sForm .= ''; $sForm .= "
"; $sForm .= ''; diff --git a/sources/Application/Search/searchform.class.inc.php b/sources/Application/Search/searchform.class.inc.php index eb14c5e25..a6f908e31 100644 --- a/sources/Application/Search/searchform.class.inc.php +++ b/sources/Application/Search/searchform.class.inc.php @@ -119,7 +119,7 @@ class SearchForm } $sContext = $oAppContext->GetForLink(); - $sJsonExtraParams = htmlentities(json_encode($aListParams), ENT_QUOTES); + $sJsonExtraParams = utils::EscapeHtml(json_encode($aListParams)); $sOuterSelector = $aExtraParams['result_list_outer_selector']; if (isset($aExtraParams['search_header_force_dropdown'])) { diff --git a/sources/Application/TwigBase/Controller/Controller.php b/sources/Application/TwigBase/Controller/Controller.php index 2eab21aed..6a2dad13b 100644 --- a/sources/Application/TwigBase/Controller/Controller.php +++ b/sources/Application/TwigBase/Controller/Controller.php @@ -182,7 +182,7 @@ abstract class Controller http_response_code(500); $oP = new ErrorPage(Dict::S('UI:PageTitle:FatalError')); $oP->add("

".Dict::S('UI:FatalErrorMessage')."

\n"); - $oP->add(get_class($e).' : '.htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8')); + $oP->add(get_class($e).' : '.utils::EscapeHtml($e->GetMessage())); $oP->output(); IssueLog::Error($e->getMessage()); diff --git a/sources/Application/WebPage/NiceWebPage.php b/sources/Application/WebPage/NiceWebPage.php index de11f57d1..abae1ab38 100644 --- a/sources/Application/WebPage/NiceWebPage.php +++ b/sources/Application/WebPage/NiceWebPage.php @@ -227,8 +227,7 @@ EOF foreach($aChoices as $sKey => $sValue) { $sSelected = ($sKey == $sDefaultValue) ? " SELECTED" : ""; - $this->add(""); + $this->add(""); } $this->add(""); } diff --git a/sources/Application/WebPage/iTopWizardWebPage.php b/sources/Application/WebPage/iTopWizardWebPage.php index e2660fead..af9dd10ec 100644 --- a/sources/Application/WebPage/iTopWizardWebPage.php +++ b/sources/Application/WebPage/iTopWizardWebPage.php @@ -50,7 +50,7 @@ class iTopWizardWebPage extends iTopWebPage $sStyle = ($iIndex == $this->m_iCurrentStep) ? 'wizActiveStep' : 'wizStep'; $aSteps[] = "
$sStepTitle
"; } - $sWizardHeader = "

".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."

\n".implode("
", $aSteps)."
\n"; + $sWizardHeader = "

".utils::EscapeHtml($this->s_title)."

\n".implode("
", $aSteps)."
\n"; $this->s_content = "$sWizardHeader
".$this->s_content."
"; parent::output(); } diff --git a/sources/Renderer/Bootstrap/FieldRenderer/BsFileUploadFieldRenderer.php b/sources/Renderer/Bootstrap/FieldRenderer/BsFileUploadFieldRenderer.php index f1359df80..a7b1c902b 100644 --- a/sources/Renderer/Bootstrap/FieldRenderer/BsFileUploadFieldRenderer.php +++ b/sources/Renderer/Bootstrap/FieldRenderer/BsFileUploadFieldRenderer.php @@ -397,14 +397,13 @@ HTML /** @var \ormDocument $oDoc */ $oDoc = $oAttachment->Get('contents'); - $sFileName = htmlentities($oDoc->GetFileName(), ENT_QUOTES, 'UTF-8'); + $sFileName = utils::EscapeHtml($oDoc->GetFileName()); $sDocDownloadUrl = str_replace('-sAttachmentId-', $iAttId, $this->oField->GetDownloadEndpoint()); $sAttachmentThumbUrl = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($sFileName); $bHasPreview = false; - if ($oDoc->IsPreviewAvailable()) - { + if ($oDoc->IsPreviewAvailable()) { $bHasPreview = true; $iMaxSizeForPreview = MetaModel::GetModuleSetting('itop-attachments', 'icon_preview_max_size', AbstractAttachmentsRenderer::DEFAULT_MAX_SIZE_FOR_PREVIEW); if ($oDoc->GetSize() <= $iMaxSizeForPreview) diff --git a/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php b/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php index 450e4f520..1d5ca6b22 100644 --- a/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php +++ b/sources/Renderer/Bootstrap/FieldRenderer/BsLinkedSetFieldRenderer.php @@ -54,7 +54,7 @@ class BsLinkedSetFieldRenderer extends BsFieldRenderer $aItemIds = array(); $this->PrepareItems($aItems, $aItemIds); $sItemsAsJson = json_encode($aItems); - $sItemIdsAsJson = htmlentities(json_encode(array('current' => $aItemIds)), ENT_QUOTES, 'UTF-8'); + $sItemIdsAsJson = utils::EscapeHtml(json_encode(array('current' => $aItemIds))); if (!$this->oField->GetHidden()) { 
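Review bot: In the `@@ -397` hunk of BsFileUploadFieldRenderer.php `$sFileName` is now the HTML-escaped file name, and the context line two below passes that escaped string to `AttachmentPlugIn::GetFileIcon($sFileName)`, which is not an HTML consumer. For names whose extension is unaffected by entity encoding this is harmless, but the helper is handed `&amp;`/`&#039;` sequences that are not part of the real name; keep the raw name for it and use the escaped one only in markup, e.g. `$sRawFileName = $oDoc->GetFileName(); $sFileName = utils::EscapeHtml($sRawFileName);` and `AttachmentPlugIn::GetFileIcon($sRawFileName)`. The enclosing method starts outside the hunk.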
@@ -115,14 +115,14 @@ EOF // Rendering table widget // - Vars - $sEmptyTableLabel = htmlentities(Dict::S(($this->oField->GetReadOnly()) ? 'Portal:Datatables:Language:EmptyTable' : 'UI:Message:EmptyList:UseAdd'), ENT_QUOTES, 'UTF-8'); - $sLabelGeneralCheckbox = htmlentities(Dict::S('Core:BulkExport:CheckAll') . ' / ' . Dict::S('Core:BulkExport:UncheckAll'), ENT_QUOTES, 'UTF-8'); + $sEmptyTableLabel = utils::EscapeHtml(Dict::S(($this->oField->GetReadOnly()) ? 'Portal:Datatables:Language:EmptyTable' : 'UI:Message:EmptyList:UseAdd')); + $sLabelGeneralCheckbox = utils::EscapeHtml(Dict::S('Core:BulkExport:CheckAll').' / '.Dict::S('Core:BulkExport:UncheckAll')); $sSelectionOptionHtml = ($this->oField->GetReadOnly()) ? 'false' : '{"style": "multi"}'; - $sSelectionInputGlobalHtml = ($this->oField->GetReadOnly()) ? '' : ''; - $sSelectionInputHtml = ($this->oField->GetReadOnly()) ? '' : ''; + $sSelectionInputGlobalHtml = ($this->oField->GetReadOnly()) ? '' : ''; + $sSelectionInputHtml = ($this->oField->GetReadOnly()) ? '' : ''; // - Output $oOutput->AddJs( -<<AddHtml(''); + $oOutput->AddHtml(''); } else { @@ -73,11 +73,10 @@ class ConsoleSimpleFieldRenderer extends FieldRenderer $oValue->AddSubBlock(InputUIBlockFactory::MakeForHidden("",$this->oField->GetCurrentValue(),$this->oField->GetGlobalId())); $oValue->AddSubBlock(new Html($this->oField->GetCurrentValue())); } - else - { - $oField = UIContentBlockUIBlockFactory::MakeStandard("",["field_input_zone", "field_input_datetime", "ibo-input-field-wrapper", "ibo-input-datetime-wrapper"]); + else { + $oField = UIContentBlockUIBlockFactory::MakeStandard("", ["field_input_zone", "field_input_datetime", "ibo-input-field-wrapper", "ibo-input-datetime-wrapper"]); $oValue->AddSubBlock($oField); - $oField->AddSubBlock(new Html('')); + $oField->AddSubBlock(new Html('')); $oField->AddSubBlock(new Html('')); } $oBlock->AddSubBlock($oValue); 
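Review bot: In the ConsoleSimpleFieldRenderer hunk the read-only branch still does `$oValue->AddSubBlock(new Html($this->oField->GetCurrentValue()));`, passing the raw current value to an Html block while the same value also feeds the hidden input on the line above. If Html emits its argument verbatim (not visible here), that is the one output in this hunk that does not go through utils::EscapeHtml; either wrap it as `new Html(utils::EscapeHtml($this->oField->GetCurrentValue()))` or add a comment stating why the value is known to be safe markup. The enclosing method begins and ends outside the hunk.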
diff --git a/synchro/synchrodatasource.class.inc.php b/synchro/synchrodatasource.class.inc.php
index eb9d32b2c..72de482b9 100644
--- a/synchro/synchrodatasource.class.inc.php
+++ b/synchro/synchrodatasource.class.inc.php
@@ -611,8 +611,7 @@ EOF
 $aData['nb_obj_total'] = $iNew + $iExisting + $iDisappeared;
 $aData['nb_replica_total'] = $aData['nb_obj_total'] + $iIgnored;
 if (strlen($oLastLog->Get('traces')) > 0) {
- $aData['traces'] = '
Debug traces
'.htmlentities($oLastLog->Get('traces'), ENT_QUOTES,
-					'UTF-8').'
'; + $aData['traces'] = '
Debug traces
'.utils::EscapeHtml($oLastLog->Get('traces')).'
';
 } else {
 $aData['traces'] = '';
 }
diff --git a/test/VerifyOQL.php b/test/VerifyOQL.php
index 1b76d2527..b2ac5d9ef 100644
--- a/test/VerifyOQL.php
+++ b/test/VerifyOQL.php
@@ -73,9 +73,9 @@ function ShowExamples($oP, $sExpression)
 }
 //$aDisplayData[$sTopic][] = array(
 $aDisplayData[Dict::S('UI:RunQuery:QueryExamples')][] = array(
- 'desc' => "
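Review bot: `$oLastLog->Get('traces')` is fetched twice, once in the `strlen(...)` condition and again inside the new `$aData['traces']` line; reading it once into a local keeps the two in step and makes the escaping call shorter: `$sTraces = $oLastLog->Get('traces');`, `if (strlen($sTraces) > 0) {`, `$aData['traces'] = '...'.utils::EscapeHtml($sTraces).'...';`. If `Get('traces')` can return null, `strlen()` on it is also deprecated on PHP 8.1+, and the local makes a `?? ''` easy to add. The enclosing method begins and ends outside the hunk.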
".htmlentities($sDescription, ENT_QUOTES, 'UTF-8')."
", - 'oql' => "
".htmlentities($sOql, ENT_QUOTES, 'UTF-8')."
", - 'go' => "
$sContext
\n", + 'desc' => "
".utils::EscapeHtml($sDescription)."
", + 'oql' => "
".utils::EscapeHtml($sOql)."
", + 'go' => "
$sContext
\n",
 );
 }
 }
@@ -147,8 +147,7 @@ try
 {
 $aArgs[$sParam] = $value;
 }
- else
- {
+ else {
 $aArgs[$sParam] = '';
 }
 }
@@ -158,7 +157,7 @@ try
 $oP->add("
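Review bot: In the first VerifyOQL.php hunk the new `'go'` entry interpolates `$sContext` straight into the markup, while the `'desc'` and `'oql'` entries on the two lines above are passed through utils::EscapeHtml. `$sContext` is built outside the hunk (ShowExamples starts before it), so if it is already encoded for this context a short comment on the `'go'` line saying so would help the next reader; otherwise it should be escaped the same way, e.g. `'go' => "...".utils::EscapeHtml($sContext)."...\n",` with the surrounding tags kept as they are.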
\n"); $oP->add(Dict::S('UI:RunQuery:ExpressionToEvaluate')."
\n"); - $oP->add("\n"); + $oP->add("\n"); $oP->add_linked_script(utils::GetAbsoluteUrlAppRoot()."/js/jquery.hotkeys.js"); $oP->add_ready_script(<< 0) - { + if (strlen($sSuggestedWord) > 0) { $oP->p(''.Dict::Format('UI:RunQuery:Error', $e->GetIssue().' '.$sWrongWord).''); $sBefore = substr($sExpression, 0, $e->GetColumn()); $sAfter = substr($sExpression, $e->GetColumn() + strlen($sWrongWord)); $sFixedExpression = $sBefore.$sSuggestedWord.$sAfter; $sFixedExpressionHtml = $sBefore.''.$sSuggestedWord.''.$sAfter; $oP->p("Suggesting: $sFixedExpressionHtml"); - $oP->add(''); + $oP->add(''); } else {