diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index e3990afd4..015fc4105 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -300,6 +300,9 @@ class LoginWebPage extends NiceWebPage
 		$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
 		$sToken = utils::ReadParam('token', '', false, 'raw_data');
 
+		$sAuthUserForDisplay = utils::HtmlEntities($sAuthUser);
+		$sTokenForDisplay = utils::HtmlEntities($sToken);
+
 		UserRights::Login($sAuthUser); // Set the user's language
 		$oUser = UserRights::GetUserObject();
 
@@ -308,7 +311,7 @@ class LoginWebPage extends NiceWebPage
 		$this->add("<h1>".Dict::S('UI:ResetPwd-Title')."</h1>\n");
 		if ($oUser == null)
 		{
-			$this->add("<p>".Dict::Format('UI:ResetPwd-Error-WrongLogin', $sAuthUser)."</p>\n");
+			$this->add("<p>".Dict::Format('UI:ResetPwd-Error-WrongLogin', $sAuthUserForDisplay)."</p>\n");
 		}
 		else
 		{
@@ -320,7 +323,8 @@ class LoginWebPage extends NiceWebPage
 			}
 			else
 			{
-				$this->add("<p>".Dict::Format('UI:ResetPwd-Error-EnterPassword', $oUser->GetFriendlyName())."</p>\n");
+				$sUserNameForDisplay = utils::HtmlEntities($oUser->GetFriendlyName());
+				$this->add("<p>".Dict::Format('UI:ResetPwd-Error-EnterPassword', $sUserNameForDisplay)."</p>\n");
 	
 				$sInconsistenPwdMsg = Dict::S('UI:Login:RetypePwdDoesNotMatch');
 				$this->add_script(
@@ -343,8 +347,8 @@ EOF
 				$this->add("<tr><td colspan=\"2\" class=\"center v-spacer\"><span class=\"btn_border\"><input type=\"submit\" onClick=\"return DoCheckPwd();\" value=\"".Dict::S('UI:Button:ChangePassword')."\" /></span></td></tr>\n");
 				$this->add("</table>\n");
 				$this->add("<input type=\"hidden\" name=\"loginop\" value=\"do_reset_pwd\" />\n");
-				$this->add("<input type=\"hidden\" name=\"auth_user\" value=\"".htmlentities($sAuthUser, ENT_QUOTES, 'UTF-8')."\" />\n");
-				$this->add("<input type=\"hidden\" name=\"token\" value=\"".htmlentities($sToken, ENT_QUOTES, 'UTF-8')."\" />\n");
+				$this->add("<input type=\"hidden\" name=\"auth_user\" value=\"".$sAuthUserForDisplay."\" />\n");
+				$this->add("<input type=\"hidden\" name=\"token\" value=\"".$sTokenForDisplay."\" />\n");
 				$this->add("</form>\n");
 				$this->add("</div\n");
 			}
diff --git a/application/utils.inc.php b/application/utils.inc.php
index 5569c4ebf..050e279cd 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -1,6 +1,7 @@
 <?php
-use Html2Text\Html2Text;
+
 use Leafo\ScssPhp\Compiler;
+
 // Copyright (C) 2010-2017 Combodo SARL
 //
 //   This file is part of iTop.
@@ -1398,7 +1399,17 @@ class utils
 		asort($aPossibleEncodings);
 		return $aPossibleEncodings;
 	}
-	
+
+	/**
+	 * Helper to encapsulation iTop's htmlentities
+	 * @param string $sValue
+	 * @return string
+	 */
+	static public function HtmlEntities($sValue)
+	{
+		return htmlentities($sValue, ENT_QUOTES, 'UTF-8');
+	}
+
 	/**
 	 * Convert a string containing some (valid) HTML markup to plain text
 	 * @param string $sHtml
diff --git a/datamodels/2.x/itop-backup/check-backup.php b/datamodels/2.x/itop-backup/check-backup.php
index f2a27dab4..81ea9fe6e 100644
--- a/datamodels/2.x/itop-backup/check-backup.php
+++ b/datamodels/2.x/itop-backup/check-backup.php
@@ -212,11 +212,13 @@ catch(Exception $e)
 }
 
 $sZipArchiveFile = MakeArchiveFileName().'.tar.gz';
-echo date('Y-m-d H:i:s')." - Checking file: $sZipArchiveFile\n";
+$sZipArchiveFileForDisplay = utils::HtmlEntities($sZipArchiveFile);
+echo date('Y-m-d H:i:s')." - Checking file: $sZipArchiveFileForDisplay\n";
+
 
 if (!file_exists($sZipArchiveFile))
 {
-	RaiseAlarm("Missing backup file '$sZipArchiveFile'");
+	RaiseAlarm("Missing backup file '$sZipArchiveFileForDisplay'");
 
 	return;
 }
@@ -224,7 +226,7 @@ if (!file_exists($sZipArchiveFile))
 $aStat = stat($sZipArchiveFile);
 if (!$aStat)
 {
-	RaiseAlarm("Failed to stat backup file '$sZipArchiveFile'");
+	RaiseAlarm("Failed to stat backup file '$sZipArchiveFileForDisplay'");
 
 	return;
 }
@@ -233,7 +235,7 @@ $iSize = (int)$aStat['size'];
 $iMIN = utils::ReadParam('check_size_min', 0);
 if ($iSize <= $iMIN)
 {
-	RaiseAlarm("Backup file '$sZipArchiveFile' too small (Found: $iSize, while expecting $iMIN bytes)");
+	RaiseAlarm("Backup file '$sZipArchiveFileForDisplay' too small (Found: $iSize, while expecting $iMIN bytes)");
 
 	return;
 }
@@ -241,11 +243,12 @@ if ($iSize <= $iMIN)
 
 echo "Found the archive\n";
 $sOldArchiveFile = MakeArchiveFileName(time() - 86400).'.tar.gz'; // yesterday's archive
+$sOldArchiveFileForDisplay = utils::HtmlEntities($sOldArchiveFile);
 if (file_exists($sOldArchiveFile))
 {
 	if ($aOldStat = stat($sOldArchiveFile))
 	{
-		echo "Comparing its size with older file: $sOldArchiveFile\n";
+		echo "Comparing its size with older file: $sOldArchiveFileForDisplay\n";
 		$iOldSize = (int)$aOldStat['size'];
 		$fVariationPercent = 100 * ($iSize - $iOldSize) / $iOldSize;
 		$sVariation = round($fVariationPercent, 2)." percent(s)";
@@ -253,7 +256,7 @@ if (file_exists($sOldArchiveFile))
 		$iREDUCTIONMAX = utils::ReadParam('check_size_reduction_max');
 		if ($fVariationPercent < -$iREDUCTIONMAX)
 		{
-			RaiseAlarm("Backup file '$sZipArchiveFile' changed by $sVariation, expecting a reduction limited to $iREDUCTIONMAX percents of the original size");
+			RaiseAlarm("Backup file '$sZipArchiveFileForDisplay' changed by $sVariation, expecting a reduction limited to $iREDUCTIONMAX percents of the original size");
 		}
 		elseif ($fVariationPercent < 0)
 		{
diff --git a/pages/ajax.render.php b/pages/ajax.render.php
index 03b1ac9cc..5656fa895 100644
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
@@ -2228,7 +2228,12 @@ EOF
 			try
 			{
 				$token = utils::ReadParam('token', null);
-				$aResult = array('code' => 'error', 'percentage' => 100, 'message' => "Export not found for token: '$token'"); // Fallback error, just in case
+				$sTokenForDisplay = utils::HtmlEntities($token);
+				$aResult = array( // Fallback error, just in case
+					'code' => 'error',
+					'percentage' => 100,
+					'message' => "Export not found for token: '$sTokenForDisplay'",
+				);
 				$data = '';
 				if ($token === null)
 				{
@@ -2303,11 +2308,11 @@ EOF
 				$oPage->add(json_encode($aResult));
 			} catch (BulkExportException $e)
 			{
-				$aResult = array('code' => 'error', 'percentage' => 100, 'message' => $e->GetLocalizedMessage());
+				$aResult = array('code' => 'error', 'percentage' => 100, 'message' => utils::HtmlEntities($e->GetLocalizedMessage()));
 				$oPage->add(json_encode($aResult));
 			} catch (Exception $e)
 			{
-				$aResult = array('code' => 'error', 'percentage' => 100, 'message' => $e->getMessage());
+				$aResult = array('code' => 'error', 'percentage' => 100, 'message' => utils::HtmlEntities($e->getMessage()));
 				$oPage->add(json_encode($aResult));
 			}
 			break;
