From ec0fc8cdc1b234e00445b05d95ec0f12c4fdc979 Mon Sep 17 00:00:00 2001
From: Liam Brydon <62733830+MyCreativityOutlet@users.noreply.github.com>
Date: Wed, 22 Oct 2025 10:47:35 +1300
Subject: [PATCH] add error for username/email containing html. Removed checks
 for SMILES/SMARTS. Updated html to use the nh_safe template tag. #72

---
 epdb/views.py                                 | 32 +++++++++++--------
 templates/collections/objects_list.html       | 13 ++++----
 templates/migration.html                      |  5 +--
 templates/migration_detail.html               |  3 +-
 .../modals/collections/new_model_modal.html   |  9 +++---
 .../modals/collections/new_pathway_modal.html |  3 +-
 .../new_prediction_setting_modal.html         |  7 ++--
 .../objects/add_pathway_edge_modal.html       |  5 +--
 .../objects/delete_pathway_edge_modal.html    |  3 +-
 .../objects/delete_pathway_node_modal.html    |  3 +-
 .../modals/objects/edit_compound_modal.html   |  5 +--
 .../edit_compound_structure_modal.html        |  5 +--
 .../objects/edit_group_member_modal.html      |  5 +--
 .../modals/objects/edit_model_modal.html      |  5 +--
 templates/modals/objects/edit_node_modal.html |  5 +--
 .../modals/objects/edit_package_modal.html    |  5 +--
 .../edit_package_permissions_modal.html       |  5 +--
 .../modals/objects/edit_pathway_modal.html    |  5 +--
 .../edit_prediction_setting_modal.html        |  3 +-
 .../modals/objects/edit_reaction_modal.html   |  5 +--
 templates/modals/objects/edit_rule_modal.html |  5 +--
 templates/modals/objects/edit_user_modal.html |  7 ++--
 .../modals/objects/evaluate_model_modal.html  |  5 +--
 .../objects/generic_copy_object_modal.html    |  3 +-
 .../objects/generic_set_aliases_modal.html    |  3 +-
 .../generic_set_external_reference_modal.html |  3 +-
 .../objects/generic_set_scenario_modal.html   |  3 +-
 .../objects/manage_api_token_modal.html       |  3 +-
 templates/modals/predict_modal.html           |  3 +-
 templates/objects/composite_rule.html         |  9 +++---
 templates/objects/compound.html               | 11 ++++---
 templates/objects/compound_structure.html     |  7 ++--
 templates/objects/edge.html                   | 13 ++++----
 templates/objects/group.html                  | 11 ++++---
 templates/objects/model.html                  | 10 +++---
 templates/objects/node.html                   |  7 ++--
 templates/objects/package.html                |  2 +-
 templates/objects/pathway.html                |  8 ++---
 templates/objects/reaction.html               | 15 +++++----
 templates/objects/scenario.html               |  4 +--
 templates/objects/simple_rule.html            | 13 ++++----
 templates/objects/user.html                   |  9 +++---
 templates/pathway_playground2.html            |  3 +-
 templates/search.html                         |  5 +--
 44 files changed, 168 insertions(+), 125 deletions(-)

diff --git a/epdb/views.py b/epdb/views.py
index d960ddab..2fb47668 100644
--- a/epdb/views.py
+++ b/epdb/views.py
@@ -94,7 +94,11 @@ def login(request):
         from django.contrib.auth import authenticate
         from django.contrib.auth import login
 
-        username = request.POST.get("username")
+        # Check if the cleaned username is equal to the unclean username, if not, invalid username
+        username = nh3.clean(request.POST.get("username")).strip()
+        if username != request.POST.get("username").strip():
+            context["message"] = "Login failed!"
+            return render(request, "static/login.html", context)
         password = request.POST.get("password")
 
         # Get email for username and check if the account is active
@@ -154,12 +158,14 @@ def register(request):
         if next := request.POST.get("next"):
             context["next"] = next
 
-        username = request.POST.get("username", "").strip()
-        email = request.POST.get("email", "").strip()
+        username = nh3.clean(request.POST.get("username", "")).strip()
+        email = nh3.clean(request.POST.get("email", "")).strip()
         password = request.POST.get("password", "").strip()
         rpassword = request.POST.get("rpassword", "").strip()
 
-        if not (username and email and password):
+        # Check if cleaned username and email are equal to the unclean, if not, invalid username or email
+        if (not (username and email and password) or username != request.POST.get("username", "").strip() or
+                email != request.POST.get("email", "").strip()):
             context["message"] = "Invalid username/email/password"
             return render(request, "static/register.html", context)
 
@@ -866,8 +872,7 @@ def package_model(request, package_uuid, model_uuid):
         ad_assessment = request.GET.get("app-domain-assessment", False)
 
         if classify or ad_assessment:
-            # Clean for potential XSS
-            smiles = nh3.clean(request.GET.get("smiles", ""), tags=s.ALLOWED_HTML_TAGS).strip()
+            smiles = request.GET.get("smiles", "").strip()
 
             # Check if smiles is non empty and valid
             if smiles == "":
@@ -1146,7 +1151,7 @@ def package_compounds(request, package_uuid):
     elif request.method == "POST":
         # Clean for potential XSS
         compound_name = nh3.clean(request.POST.get("compound-name"), tags=s.ALLOWED_HTML_TAGS).strip()
-        compound_smiles = nh3.clean(request.POST.get("compound-smiles"), tags=s.ALLOWED_HTML_TAGS).strip()
+        compound_smiles = request.POST.get("compound-smiles").strip()
         compound_description = nh3.clean(request.POST.get("compound-description"), tags=s.ALLOWED_HTML_TAGS).strip()
 
         c = Compound.create(current_package, compound_smiles, compound_name, compound_description)
@@ -1267,7 +1272,7 @@ def package_compound_structures(request, package_uuid, compound_uuid):
     elif request.method == "POST":
         # Clean for potential XSS
         structure_name = nh3.clean(request.POST.get("structure-name"), tags=s.ALLOWED_HTML_TAGS).strip()
-        structure_smiles = nh3.clean(request.POST.get("structure-smiles"), tags=s.ALLOWED_HTML_TAGS).strip()
+        structure_smiles = request.POST.get("structure-smiles").strip()
         structure_description = nh3.clean(request.POST.get("structure-description"), tags=s.ALLOWED_HTML_TAGS).strip()
 
         cs = current_compound.add_structure(structure_smiles, structure_name, structure_description)
@@ -1436,15 +1441,14 @@ def package_rules(request, package_uuid):
         # Obtain parameters as required by rule type
         if rule_type == "SimpleAmbitRule":
             # Clean for potential XSS
-            params["smirks"] = nh3.clean(request.POST.get("rule-smirks"), tags=s.ALLOWED_HTML_TAGS).strip()
+            params["smirks"] = request.POST.get("rule-smirks").strip()
             params["reactant_filter_smarts"] = nh3.clean(request.POST.get("rule-reactant-smarts"),
                                                          tags=s.ALLOWED_HTML_TAGS).strip()
             params["product_filter_smarts"] = nh3.clean(request.POST.get("rule-product-smarts"),
                                                         tags=s.ALLOWED_HTML_TAGS).strip()
         elif rule_type == "SimpleRDKitRule":
             # Clean for potential XSS
-            params["reaction_smarts"] = nh3.clean(request.POST.get("rule-reaction-smarts"),
-                                                  tags=s.ALLOWED_HTML_TAGS).strip()
+            params["reaction_smarts"] = request.POST.get("rule-reaction-smarts").strip()
         elif rule_type == "ParallelRule":
             pass
         elif rule_type == "SequentialRule":
@@ -1603,8 +1607,8 @@ def package_reactions(request, package_uuid):
         # Clean for potential XSS
         reaction_name = nh3.clean(request.POST.get("reaction-name"), tags=s.ALLOWED_HTML_TAGS).strip()
         reaction_description = nh3.clean(request.POST.get("reaction-description"), tags=s.ALLOWED_HTML_TAGS).strip()
-        reactions_smirks = nh3.clean(request.POST.get("reaction-smirks"), tags=s.ALLOWED_HTML_TAGS).strip()
 
+        reactions_smirks = request.POST.get("reaction-smirks").strip()
         educts = reactions_smirks.split(">>")[0].split(".")
         products = reactions_smirks.split(">>")[1].split(".")
 
@@ -1746,8 +1750,8 @@ def package_pathways(request, package_uuid):
         # Clean for potential XSS
         name = nh3.clean(request.POST.get("name"), tags=s.ALLOWED_HTML_TAGS).strip()
         description = nh3.clean(request.POST.get("description"), tags=s.ALLOWED_HTML_TAGS).strip()
-        smiles = nh3.clean(request.POST.get("smiles", ""), tags=s.ALLOWED_HTML_TAGS).strip()
 
+        smiles = request.POST.get("smiles", "").strip()
         pw_mode = request.POST.get("predict", "predict").strip()
 
         if "smiles" in request.POST and smiles == "":
@@ -1981,8 +1985,8 @@ def package_pathway_nodes(request, package_uuid, pathway_uuid):
         # Clean for potential XSS
         node_name = nh3.clean(request.POST.get("node-name"), tags=s.ALLOWED_HTML_TAGS).strip()
         node_description = nh3.clean(request.POST.get("node-description"), tags=s.ALLOWED_HTML_TAGS).strip()
-        node_smiles = nh3.clean(request.POST.get("node-smiles"), tags=s.ALLOWED_HTML_TAGS).strip()
 
+        node_smiles = request.POST.get("node-smiles").strip()
         current_pathway.add_node(node_smiles, name=node_name, description=node_description)
 
         return redirect(current_pathway.url)
diff --git a/templates/collections/objects_list.html b/templates/collections/objects_list.html
index bfe98d63..303ef876 100644
--- a/templates/collections/objects_list.html
+++ b/templates/collections/objects_list.html
@@ -1,5 +1,6 @@
 {% extends "framework.html" %}
 {% load static %}
+{% load envipytags %}
 {% block content %}
 
     {% if object_type != 'package' %}
@@ -192,7 +193,7 @@
             <div class="panel-body list-group-item" id="ReviewedContent">
                 {% if object_type == 'package' %}
                 {% for obj in reviewed_objects %}
-                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name }}
+                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name|nh_safe }}
                     <span class="glyphicon glyphicon-star" aria-hidden="true"
                           style="float:right" data-toggle="tooltip"
                           data-placement="top" title="" data-original-title="Reviewed">
@@ -201,7 +202,7 @@
                 {% endfor %}
                 {% else %}
                 {% for obj in reviewed_objects|slice:":50" %}
-                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name }}{# <i>({{ obj.package.name }})</i> #}
+                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name|nh_safe }}{# <i>({{ obj.package.name }})</i> #}
                     <span class="glyphicon glyphicon-star" aria-hidden="true"
                           style="float:right" data-toggle="tooltip"
                           data-placement="top" title="" data-original-title="Reviewed">
@@ -221,11 +222,11 @@
             <div class="panel-body list-group-item" id="UnreviewedContent">
                 {% if object_type == 'package' %}
                 {% for obj in unreviewed_objects %}
-                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name }}</a>
+                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name|nh_safe }}</a>
                 {% endfor %}
                 {% else %}
                 {% for obj in unreviewed_objects|slice:":50" %}
-                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name }}</a>
+                <a class="list-group-item" href="{{ obj.url }}">{{ obj.name|nh_safe }}</a>
                 {% endfor %}
                 {% endif %}
             </div>
@@ -236,9 +237,9 @@
         <ul class='list-group'>
             {% for obj in objects %}
             {% if object_type == 'user' %}
-            <a class="list-group-item" href="{{ obj.url }}">{{ obj.username }}</a>
+            <a class="list-group-item" href="{{ obj.url }}">{{ obj.username|nh_safe }}</a>
             {% else %}
-            <a class="list-group-item" href="{{ obj.url }}">{{ obj.name }}</a>
+            <a class="list-group-item" href="{{ obj.url }}">{{ obj.name|nh_safe }}</a>
             {% endif %}
             {% endfor %}
         </ul>
diff --git a/templates/migration.html b/templates/migration.html
index ad681b34..9899aca5 100644
--- a/templates/migration.html
+++ b/templates/migration.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 <div class="panel-group" id="migration-detail">
@@ -26,12 +27,12 @@
             {% endif %}
             <h4 class="panel-title">
                 <a id="{{ obj.id }}-link" data-toggle="collapse" data-parent="#migration-detail"
-                   href="#{{ obj.id }}">{{ obj.name }}</a>
+                   href="#{{ obj.id }}">{{ obj.name|nh_safe }}</a>
             </h4>
         </div>
         <div id="{{ obj.id }}" class="panel-collapse collapse {% if not obj.status %}in{% endif %}">
             <div class="panel-body list-group-item">
-                <a class="list-group-item" href="{{ obj.detail_url }}">{{ obj.name }} Migration Detail Page</a>
+                <a class="list-group-item" href="{{ obj.detail_url }}">{{ obj.name|nh_safe }} Migration Detail Page</a>
             </div>
         </div>
         {% endfor %}
diff --git a/templates/migration_detail.html b/templates/migration_detail.html
index 030dc73e..1aa17cd7 100644
--- a/templates/migration_detail.html
+++ b/templates/migration_detail.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
     <div class="panel-group" id="migration-detail">
@@ -27,7 +28,7 @@
                     {% endif %}
                     <h4 class="panel-title">
                         <a id="{{ obj.id }}-link" data-toggle="collapse" data-parent="#migration-detail"
-                           href="#{{ obj.id }}">{{ obj.name }}</a>
+                           href="#{{ obj.id }}">{{ obj.name|nh_safe }}</a>
                     </h4>
                 </div>
                 <div id="{{ obj.id }}" class="panel-collapse collapse {% if not obj.status %}in{% endif %}">
diff --git a/templates/modals/collections/new_model_modal.html b/templates/modals/collections/new_model_modal.html
index b58a65ed..43ab47a7 100644
--- a/templates/modals/collections/new_model_modal.html
+++ b/templates/modals/collections/new_model_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 <div class="modal fade" tabindex="-1" id="new_model_modal" role="dialog" aria-labelledby="new_model_modal"
      aria-hidden="true">
     <div class="modal-dialog modal-lg">
@@ -41,14 +42,14 @@
                             <option disabled>Reviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
 
                             <option disabled>Unreviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if not obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
                         </select>
@@ -59,14 +60,14 @@
                             <option disabled>Reviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
 
                             <option disabled>Unreviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if not obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
                         </select>
diff --git a/templates/modals/collections/new_pathway_modal.html b/templates/modals/collections/new_pathway_modal.html
index 929d7917..b833fedd 100644
--- a/templates/modals/collections/new_pathway_modal.html
+++ b/templates/modals/collections/new_pathway_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <div class="modal fade" tabindex="-1" id="new_pathway_modal" role="dialog" aria-labelledby="new_pathway_modal"
      aria-hidden="true" style="overflow-y: auto;">
@@ -111,7 +112,7 @@
 
                     <select id="settingSelect" name="settingSelect" class="form-control">
                         {% for setting in available_settings %}
-                        <option value="{{ setting.id }}">{{ setting.name }}</option>
+                        <option value="{{ setting.id }}">{{ setting.name|nh_safe }}</option>
                         {% endfor %}
                     </select>
                     <p></p>
diff --git a/templates/modals/collections/new_prediction_setting_modal.html b/templates/modals/collections/new_prediction_setting_modal.html
index f09ee32f..c14e1d0d 100644
--- a/templates/modals/collections/new_prediction_setting_modal.html
+++ b/templates/modals/collections/new_prediction_setting_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 
 <div id="new_prediction_setting_modal" class="modal" tabindex="-1">
@@ -40,14 +41,14 @@
                             <option disabled>Reviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
 
                             <option disabled>Unreviewed Packages</option>
                             {% for obj in meta.readable_packages %}
                             {% if not obj.reviewed %}
-                            <option value="{{ obj.url }}">{{ obj.name }}</option>
+                            <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                             {% endfor %}
                         </select>
@@ -57,7 +58,7 @@
                         <select id="model-based-prediction-setting-model" name="model-based-prediction-setting-model" class="form-control" data-width='100%'>
                         <option disabled selected>Select the model</option>
                         {% for m in models %}
-                        <option value="{{ m.url }}">{{ m.name }}</option>
+                        <option value="{{ m.url }}">{{ m.name|nh_safe }}</option>
                         {% endfor %}
                         </select>
                         <label for="model-based-prediction-setting-threshold">Threshold</label>
diff --git a/templates/modals/objects/add_pathway_edge_modal.html b/templates/modals/objects/add_pathway_edge_modal.html
index 401ef04f..66b6aabd 100644
--- a/templates/modals/objects/add_pathway_edge_modal.html
+++ b/templates/modals/objects/add_pathway_edge_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <div class="modal fade bs-modal-lg" id="add_pathway_edge_modal" tabindex="-1" aria-labelledby="add_pathway_edge_modal"
      aria-modal="true"
@@ -36,7 +37,7 @@
                             <select id="add_pathway_edge_substrates" name="edge-substrates"
                                     data-actions-box='true' class="form-control" multiple data-width='100%'>
                                 {% for n in pathway.nodes %}
-                                    <option data-smiles="{{ n.default_node_label.smiles }}" value="{{ n.url }}">{{ n.default_node_label.name }}</option>
+                                    <option data-smiles="{{ n.default_node_label.smiles }}" value="{{ n.url }}">{{ n.default_node_label.name|nh_safe }}</option>
                                 {% endfor %}
                             </select>
                         </div>
@@ -47,7 +48,7 @@
                             <select id="add_pathway_edge_products" name="edge-products"
                                     data-actions-box='true' class="form-control" multiple data-width='100%'>
                                 {% for n in pathway.nodes %}
-                                    <option data-smiles="{{ n.default_node_label.smiles }}" value="{{ n.url }}">{{ n.default_node_label.name }}</option>
+                                    <option data-smiles="{{ n.default_node_label.smiles }}" value="{{ n.url }}">{{ n.default_node_label.name|nh_safe }}</option>
                                 {% endfor %}
                             </select>
                         </div>
diff --git a/templates/modals/objects/delete_pathway_edge_modal.html b/templates/modals/objects/delete_pathway_edge_modal.html
index acc52be3..e980ab7e 100644
--- a/templates/modals/objects/delete_pathway_edge_modal.html
+++ b/templates/modals/objects/delete_pathway_edge_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Delete Edge -->
 <div id="delete_pathway_edge_modal" class="modal" tabindex="-1">
@@ -19,7 +20,7 @@
                             data-actions-box='true' class="form-control" data-width='100%'>
                         <option value="" disabled selected>Select Reaction to delete</option>
                         {% for e in pathway.edges %}
-                            <option value="{{ e.url }}">{{ e.edge_label.name }}</option>
+                            <option value="{{ e.url }}">{{ e.edge_label.name|nh_safe }}</option>
                         {% endfor %}
                     </select>
                     <input type="hidden" id="hidden" name="hidden" value="delete"/>
diff --git a/templates/modals/objects/delete_pathway_node_modal.html b/templates/modals/objects/delete_pathway_node_modal.html
index 0b844d8a..e0f575a5 100644
--- a/templates/modals/objects/delete_pathway_node_modal.html
+++ b/templates/modals/objects/delete_pathway_node_modal.html
@@ -1,4 +1,5 @@
 {% load static %}
+{% load envipytags %}
 <!-- Delete Node -->
 <div id="delete_pathway_node_modal" class="modal" tabindex="-1">
     <div class="modal-dialog">
@@ -19,7 +20,7 @@
                             data-actions-box='true' class="form-control" data-width='100%'>
                         <option value="" disabled selected>Select Compound to delete</option>
                         {% for n in pathway.nodes %}
-                            <option value="{{ n.url }}">{{ n.default_node_label.name }}</option>
+                            <option value="{{ n.url }}">{{ n.default_node_label.name|nh_safe }}</option>
                         {% endfor %}
                     </select>
                     <input type="hidden" id="hidden" name="hidden" value="delete"/>
diff --git a/templates/modals/objects/edit_compound_modal.html b/templates/modals/objects/edit_compound_modal.html
index 52c702b2..bdb59deb 100644
--- a/templates/modals/objects/edit_compound_modal.html
+++ b/templates/modals/objects/edit_compound_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Compound -->
 <div id="edit_compound_modal" class="modal" tabindex="-1">
@@ -15,12 +16,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="compound-name">Name</label>
-                        <input id="compound-name" class="form-control" name="compound-name" value="{{ compound.name}}">
+                        <input id="compound-name" class="form-control" name="compound-name" value="{{ compound.name|nh_safe}}">
                     </p>
                     <p>
                         <label for="compound-description">Description</label>
                         <input id="compound-description" type="text" class="form-control"
-                               value="{{ compound.description }}"
+                               value="{{ compound.description|nh_safe }}"
                                name="compound-description">
                     </p>
                 </form>
diff --git a/templates/modals/objects/edit_compound_structure_modal.html b/templates/modals/objects/edit_compound_structure_modal.html
index 6ca767bf..8421be4f 100644
--- a/templates/modals/objects/edit_compound_structure_modal.html
+++ b/templates/modals/objects/edit_compound_structure_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Compound -->
 <div id="edit_compound_structure_modal" class="modal" tabindex="-1">
@@ -15,12 +16,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="compound-structure-name">Name</label>
-                        <input id="compound-structure-name" class="form-control" name="compound-structure-name" value="{{ compound_structure.name }}">
+                        <input id="compound-structure-name" class="form-control" name="compound-structure-name" value="{{ compound_structure.name|nh_safe }}">
                     </p>
                     <p>
                         <label for="compound-structure-description">Description</label>
                         <input id="compound-structure-description" type="text" class="form-control"
-                               value="{{ compound_structure.description }}" name="compound-structure-description">
+                               value="{{ compound_structure.description|nh_safe }}" name="compound-structure-description">
                     </p>
                 </form>
             </div>
diff --git a/templates/modals/objects/edit_group_member_modal.html b/templates/modals/objects/edit_group_member_modal.html
index 79a3daa5..81f15a13 100644
--- a/templates/modals/objects/edit_group_member_modal.html
+++ b/templates/modals/objects/edit_group_member_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Package Permission -->
 <div id="edit_group_member_modal" class="modal" tabindex="-1">
@@ -39,7 +40,7 @@
                                 {% endfor %}
                                 <option disabled>Groups</option>
                                 {% for g in groups %}
-                                <option value="{{ g.url }}">{{ g.name }}</option>
+                                <option value="{{ g.url }}">{{ g.name|nh_safe }}</option>
                                 {% endfor %}
                             </select>
                             <input type="hidden" name="action" value="add">
@@ -81,7 +82,7 @@
                           accept-charset="UTF-8" action="" data-remote="true" method="post">
                         {% csrf_token %}
                         <div class="col-xs-8">
-                            {{ g.name }}
+                            {{ g.name|nh_safe }}
                             <input type="hidden" name="member" value="{{ g.url }}"/>
                             <input type="hidden" name="action" value="remove">
                         </div>
diff --git a/templates/modals/objects/edit_model_modal.html b/templates/modals/objects/edit_model_modal.html
index 59c6705a..b545f936 100644
--- a/templates/modals/objects/edit_model_modal.html
+++ b/templates/modals/objects/edit_model_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Model -->
 <div id="edit_model_modal" class="modal" tabindex="-1">
@@ -16,12 +17,12 @@
                     <p>
                         <label for="model-name">Name</label>
                         <input id="model-name" type="text" class="form-control" name="model-name"
-                               value="{{ model.name }}">
+                               value="{{ model.name|nh_safe }}">
                     </p>
                     <p>
                         <label for="model-description">Description</label>
                         <input id="model-description" type="text" class="form-control" name="model-description"
-                               value="{{ model.description }}">
+                               value="{{ model.description|nh_safe }}">
                     </p>
                 </form>
             </div>
diff --git a/templates/modals/objects/edit_node_modal.html b/templates/modals/objects/edit_node_modal.html
index 380f8317..86db32ef 100644
--- a/templates/modals/objects/edit_node_modal.html
+++ b/templates/modals/objects/edit_node_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Node -->
 <div id="edit_node_modal" class="modal" tabindex="-1">
@@ -15,12 +16,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="node-name">Name</label>
-                        <input id="node-name" class="form-control" name="node-name" value="{{ node.name}}">
+                        <input id="node-name" class="form-control" name="node-name" value="{{ node.name|nh_safe}}">
                     </p>
                     <p>
                         <label for="node-description">Description</label>
                         <input id="node-description" type="text" class="form-control"
-                               value="{{ node.description }}"
+                               value="{{ node.description|nh_safe }}"
                                name="node-description">
                     </p>
                 </form>
diff --git a/templates/modals/objects/edit_package_modal.html b/templates/modals/objects/edit_package_modal.html
index f9f6b6f4..a6fcade4 100644
--- a/templates/modals/objects/edit_package_modal.html
+++ b/templates/modals/objects/edit_package_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Package -->
 <div id="edit_package_modal" class="modal" tabindex="-1">
@@ -15,12 +16,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="package-name">Name</label>
-                        <input id="package-name" class="form-control" name="package-name" value="{{ package.name}}">
+                        <input id="package-name" class="form-control" name="package-name" value="{{ package.name|nh_safe}}">
                     </p>
                     <p>
                         <label for="package-description">Description</label>
                         <input id="package-description" type="text" class="form-control"
-                               value="{{ package.description }}"
+                               value="{{ package.description|nh_safe }}"
                                name="package-description">
                     </p>
                 </form>
diff --git a/templates/modals/objects/edit_package_permissions_modal.html b/templates/modals/objects/edit_package_permissions_modal.html
index 2d2d1e6e..af72843c 100644
--- a/templates/modals/objects/edit_package_permissions_modal.html
+++ b/templates/modals/objects/edit_package_permissions_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Package Permission -->
 <div id="edit_package_permissions_modal" class="modal" tabindex="-1">
@@ -46,7 +47,7 @@
                                 {% endfor %}
                                 <option disabled>Groups</option>
                                 {% for g in groups %}
-                                <option value="{{ g.url }}">{{ g.name }}</option>
+                                <option value="{{ g.url }}">{{ g.name|nh_safe }}</option>
                                 {% endfor %}
                             </select>
                         </div>
@@ -100,7 +101,7 @@
                           accept-charset="UTF-8" action="" data-remote="true" method="post">
                         {% csrf_token %}
                         <div class="col-xs-4">
-                            {{ gp.group.name }}
+                            {{ gp.group.name|nh_safe }}
                             <input type="hidden" name="grantee" value="{{ gp.group.url }}"/>
                         </div>
                         <div class="col-xs-2">
diff --git a/templates/modals/objects/edit_pathway_modal.html b/templates/modals/objects/edit_pathway_modal.html
index 3e882678..cac618d2 100644
--- a/templates/modals/objects/edit_pathway_modal.html
+++ b/templates/modals/objects/edit_pathway_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Pathway -->
 <div id="edit_pathway_modal" class="modal" tabindex="-1">
@@ -15,12 +16,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="pathway-name">Name</label>
-                        <input id="pathway-name" class="form-control" name="pathway-name" value="{{ pathway.name }}">
+                        <input id="pathway-name" class="form-control" name="pathway-name" value="{{ pathway.name|nh_safe }}">
                     </p>
                     <p>
                         <label for="pathway-description">Description</label>
                         <textarea id="pathway-description" type="text" class="form-control" name="pathway-description"
-                                  rows="10">{{ pathway.description }}</textarea>
+                                  rows="10">{{ pathway.description|nh_safe }}</textarea>
                     </p>
                 </form>
             </div>
diff --git a/templates/modals/objects/edit_prediction_setting_modal.html b/templates/modals/objects/edit_prediction_setting_modal.html
index ccfc2694..046efc56 100644
--- a/templates/modals/objects/edit_prediction_setting_modal.html
+++ b/templates/modals/objects/edit_prediction_setting_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Package -->
 <div id="update_prediction_settings_modal" class="modal" tabindex="-1">
@@ -32,7 +33,7 @@
                                                 <td colspan="2">
                                                     <select id="model" name="model" class="form-control" data-width='100%'>
                                                     {% for m in models %}
-                                                    <option value="{{ m.id }}" {% if user.prediction_settings.model.url == m.url %}selected{% endif %}>{{ m.name }}</option>
+                                                    <option value="{{ m.id }}" {% if user.prediction_settings.model.url == m.url %}selected{% endif %}>{{ m.name|nh_safe }}</option>
                                                     {% endfor %}
                                                     </select>
                                                 </td>
diff --git a/templates/modals/objects/edit_reaction_modal.html b/templates/modals/objects/edit_reaction_modal.html
index c7db2673..4a4469a1 100644
--- a/templates/modals/objects/edit_reaction_modal.html
+++ b/templates/modals/objects/edit_reaction_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Reaction -->
 <div id="edit_reaction_modal" class="modal" tabindex="-1">
@@ -14,12 +15,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="reaction-name">Name</label>
-                        <input id="reaction-name" class="form-control" name="reaction-name" value="{{ reaction.name }}">
+                        <input id="reaction-name" class="form-control" name="reaction-name" value="{{ reaction.name|nh_safe }}">
                     </p>
                     <p>
                         <label for="reaction-description">Description</label>
                         <input id="reaction-description" type="text" class="form-control"
-                               value="{{ reaction.description }}" name="reaction-description">
+                               value="{{ reaction.description|nh_safe }}" name="reaction-description">
                     </p>
                 </form>
             </div>
diff --git a/templates/modals/objects/edit_rule_modal.html b/templates/modals/objects/edit_rule_modal.html
index 9b0d8176..95c355d9 100644
--- a/templates/modals/objects/edit_rule_modal.html
+++ b/templates/modals/objects/edit_rule_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit Rule -->
 <div id="edit_rule_modal" class="modal" tabindex="-1">
@@ -14,12 +15,12 @@
                     {% csrf_token %}
                     <p>
                         <label for="rule-name">Name</label>
-                        <input id="rule-name" class="form-control" name="rule-name" value="{{ rule.name }}">
+                        <input id="rule-name" class="form-control" name="rule-name" value="{{ rule.name|nh_safe }}">
                     </p>
                     <p>
                         <label for="rule-description">Description</label>
                         <input id="rule-description" type="text" class="form-control"
-                               value="{{ rule.description }}" name="rule-description">
+                               value="{{ rule.description|nh_safe }}" name="rule-description">
                     </p>
                 </form>
             </div>
diff --git a/templates/modals/objects/edit_user_modal.html b/templates/modals/objects/edit_user_modal.html
index 3d3d09e1..dd28008e 100644
--- a/templates/modals/objects/edit_user_modal.html
+++ b/templates/modals/objects/edit_user_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Edit User -->
 <div id="edit_user_modal" class="modal" tabindex="-1">
@@ -18,7 +19,7 @@
                         <select id="default-package" name="default-package" class="form-control" data-width='100%'>
                             <option disabled>Select a Package</option>
                             {% for p in meta.writeable_packages %}
-                            <option value="{{ p.url }}" {% if p.id == meta.user.default_package.id %}selected{% endif %}>{{ p.name }}</option>
+                            <option value="{{ p.url }}" {% if p.id == meta.user.default_package.id %}selected{% endif %}>{{ p.name|nh_safe }}</option>
                             {% endfor %}
                         </select>
                     </p>
@@ -27,7 +28,7 @@
                         <select id="default-group" name="default-group" class="form-control" data-width='100%'>
                             <option disabled>Select a Group</option>
                             {% for g in meta.available_groups %}
-                            <option value="{{ g.url }}" {% if g.id == meta.user.default_group.id %}selected{% endif %}>{{ g.name }}</option>
+                            <option value="{{ g.url }}" {% if g.id == meta.user.default_group.id %}selected{% endif %}>{{ g.name|nh_safe }}</option>
                             {% endfor %}
                         </select>
                     </p>
@@ -36,7 +37,7 @@
                         <select id="default-prediction-setting" name="default-prediction-setting" class="form-control" data-width='100%'>
                             <option disabled>Select a Setting</option>
                             {% for s in meta.available_settings %}
-                            <option value="{{ s.url }}" {% if s.id == meta.user.default_setting.id %}selected{% endif %}>{{ s.name }}</option>
+                            <option value="{{ s.url }}" {% if s.id == meta.user.default_setting.id %}selected{% endif %}>{{ s.name|nh_safe }}</option>
                             {% endfor %}
                         </select>
                     </p>
diff --git a/templates/modals/objects/evaluate_model_modal.html b/templates/modals/objects/evaluate_model_modal.html
index a42c68bb..45afb5db 100644
--- a/templates/modals/objects/evaluate_model_modal.html
+++ b/templates/modals/objects/evaluate_model_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 <div class="modal fade" tabindex="-1" id="evaluate_model_modal" role="dialog" aria-labelledby="evaluate_model_modal"
      aria-hidden="true">
     <div class="modal-dialog modal-lg">
@@ -24,14 +25,14 @@
                         <option disabled>Reviewed Packages</option>
                         {% for obj in meta.readable_packages %}
                             {% if obj.reviewed %}
-                                <option value="{{ obj.url }}">{{ obj.name }}</option>
+                                <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                         {% endfor %}
 
                         <option disabled>Unreviewed Packages</option>
                         {% for obj in meta.readable_packages %}
                             {% if not obj.reviewed %}
-                                <option value="{{ obj.url }}">{{ obj.name }}</option>
+                                <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                             {% endif %}
                         {% endfor %}
                     </select>
diff --git a/templates/modals/objects/generic_copy_object_modal.html b/templates/modals/objects/generic_copy_object_modal.html
index b021425b..588a26e3 100644
--- a/templates/modals/objects/generic_copy_object_modal.html
+++ b/templates/modals/objects/generic_copy_object_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Copy Object -->
 <div id="generic_copy_object_modal" class="modal" tabindex="-1">
@@ -18,7 +19,7 @@
                             data-width='100%'>
                         <option disabled selected>Select Target Package</option>
                         {% for p in meta.writeable_packages %}
-                            <option value="{{ p.url }}">{{ p.name }}</option>`
+                            <option value="{{ p.url }}">{{ p.name|nh_safe }}</option>`
                         {% endfor %}
                     </select>
                     <input type="hidden" name="hidden" value="copy">
diff --git a/templates/modals/objects/generic_set_aliases_modal.html b/templates/modals/objects/generic_set_aliases_modal.html
index 7c882134..cbf8a526 100644
--- a/templates/modals/objects/generic_set_aliases_modal.html
+++ b/templates/modals/objects/generic_set_aliases_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 
 <style>
@@ -55,7 +56,7 @@
                 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                     <span aria-hidden="true">×</span>
                 </button>
-                <h4 class="modal-title">Set Aliases for {{ current_object.name }}</h4>
+                <h4 class="modal-title">Set Aliases for {{ current_object.name|nh_safe }}</h4>
             </div>
             <div class="modal-body">
                 <form id="set_aliases_modal_form" accept-charset="UTF-8" action="{{ current_object.url }}"
diff --git a/templates/modals/objects/generic_set_external_reference_modal.html b/templates/modals/objects/generic_set_external_reference_modal.html
index 8efdc8dd..b72a9b55 100644
--- a/templates/modals/objects/generic_set_external_reference_modal.html
+++ b/templates/modals/objects/generic_set_external_reference_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <!-- Delete Object -->
 <div id="generic_set_external_reference_modal" class="modal" tabindex="-1">
@@ -23,7 +24,7 @@
                             {% if entity == object_type %}
                                 {% for db in databases %}
                                     <option id="db-select-{{ db.database.pk }}" data-input-placeholder="{{ db.placeholder }}"
-                                            value="{{ db.database.id }}">{{ db.database.name }}</option>`
+                                            value="{{ db.database.id }}">{{ db.database.name|nh_safe }}</option>`
                                 {% endfor %}
                             {% endif %}
                         {% endfor %}
diff --git a/templates/modals/objects/generic_set_scenario_modal.html b/templates/modals/objects/generic_set_scenario_modal.html
index 42ec3b16..bd5441d0 100644
--- a/templates/modals/objects/generic_set_scenario_modal.html
+++ b/templates/modals/objects/generic_set_scenario_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <div class="modal fade bs-modal-lg" id="set_scenario_modal" tabindex="-1" aria-labelledby="set_scenario_modal"
      aria-modal="true" role="dialog">
@@ -7,7 +8,7 @@
                 <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                     <span aria-hidden="true">×</span>
                 </button>
-                <h4 class="modal-title">Set Scenarios for {{ current_object.name }}</h4>
+                <h4 class="modal-title">Set Scenarios for {{ current_object.name|nh_safe }}</h4>
             </div>
             <div class="modal-body">
                 <div id="loading_scenario_div" class="text-center"></div>
diff --git a/templates/modals/objects/manage_api_token_modal.html b/templates/modals/objects/manage_api_token_modal.html
index 4eaf2da4..41661277 100644
--- a/templates/modals/objects/manage_api_token_modal.html
+++ b/templates/modals/objects/manage_api_token_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 <div class="modal fade"
      tabindex="-1"
      id="manage_api_token_modal"
@@ -41,7 +42,7 @@
                         <div class="input-group">
                             <input type="hidden" name="hidden" value="delete">
                             <input type="hidden" name="token-id" value="{{ t.pk }}">
-                            <input type="text" class="form-control" value="{{ t.name }}" disabled>
+                            <input type="text" class="form-control" value="{{ t.name|nh_safe }}" disabled>
                             <span class="input-group-btn">
                                 <button type="submit" class="btn btn-danger">Delete</button>
                             </span>
diff --git a/templates/modals/predict_modal.html b/templates/modals/predict_modal.html
index 8d806342..f818b063 100644
--- a/templates/modals/predict_modal.html
+++ b/templates/modals/predict_modal.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 {% load static %}
 <div class="modal fade bs-modal-lg" id="predict_modal" tabindex="-1" aria-labelledby="predict_modal" aria-modal="true"
      role="dialog">
@@ -56,7 +57,7 @@
                         <option disabled>Select a Setting</option>
                         {% for s in meta.available_settings %}
                             <option value="{{ s.url }}"{% if s.id == meta.user.default_setting.id %}selected{% endif %}>
-                                {{ s.name }}{% if s.id == meta.user.default_setting.id %} <i>(User default)</i>{% endif %}
+                                {{ s.name|nh_safe }}{% if s.id == meta.user.default_setting.id %} <i>(User default)</i>{% endif %}
                             </option>
                         {% endfor %}
                     </select>
diff --git a/templates/objects/composite_rule.html b/templates/objects/composite_rule.html
index 4e5aaafe..8907bccd 100644
--- a/templates/objects/composite_rule.html
+++ b/templates/objects/composite_rule.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -13,7 +14,7 @@
 <div class="panel-group" id="rule-detail">
     <div class="panel panel-default">
         <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-            {{ rule.name }}
+            {{ rule.name|nh_safe }}
             <div id="actionsButton"
                  style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                  class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -29,7 +30,7 @@
         </div>
         <div class="panel-body">
             <p>
-                {{ rule.description }}
+                {{ rule.description|nh_safe }}
             </p>
         </div>
 
@@ -60,7 +61,7 @@
         <div id="rule-reaction-patterns" class="panel-collapse collapse in">
             <div class="panel-body list-group-item">
                 {% for r in rule.srs %}
-                <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                 <div align="center">
                     <p>
                         {{r.as_svg|safe}}
@@ -81,7 +82,7 @@
             <div id="rule-scenario" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
                     {% for s in rule.scenarios.all %}
-                        <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                        <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                     {% endfor %}
                 </div>
             </div>
diff --git a/templates/objects/compound.html b/templates/objects/compound.html
index 98083ca6..2edc3611 100644
--- a/templates/objects/compound.html
+++ b/templates/objects/compound.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -15,7 +16,7 @@
     <div class="panel-group" id="compound-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ compound.name }}
+                {{ compound.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -64,7 +65,7 @@
             </div>
             <div id="compound-desc" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
-                    {{ compound.description }}
+                    {{ compound.description|nh_safe }}
                 </div>
             </div>
 
@@ -133,7 +134,7 @@
                 <div id="compound-reaction" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for r in compound.related_reactions %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }} <i>({{ r.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }} <i>({{ r.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
@@ -150,7 +151,7 @@
                 <div id="compound-pathway" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for r in compound.related_pathways %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }} <i>({{ r.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }} <i>({{ r.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
@@ -167,7 +168,7 @@
                 <div id="compound-scenario" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for s in compound.scenarios.all %}
-                            <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
diff --git a/templates/objects/compound_structure.html b/templates/objects/compound_structure.html
index 258a797a..00bc80f7 100644
--- a/templates/objects/compound_structure.html
+++ b/templates/objects/compound_structure.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -13,7 +14,7 @@
 <div class="panel-group" id="compound-structure-detail">
     <div class="panel panel-default">
         <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-            {{ compound_structure.name }}
+            {{ compound_structure.name|nh_safe }}
             <div id="actionsButton"
                  style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                  class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -28,7 +29,7 @@
             </div>
         </div>
         <div class="panel-body">
-            <p> {{ compound_structure.description }} </p>
+            <p> {{ compound_structure.description|nh_safe }} </p>
         </div>
 
         <!-- Image -->
@@ -86,7 +87,7 @@
             <div id="compound-structure-scenario" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
                     {% for s in compound_structure.scenarios.all %}
-                        <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                        <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                     {% endfor %}
                 </div>
             </div>
diff --git a/templates/objects/edge.html b/templates/objects/edge.html
index 6ddab061..3b114b9a 100644
--- a/templates/objects/edge.html
+++ b/templates/objects/edge.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -12,7 +13,7 @@
     <div class="panel-group" id="edge-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ edge.edge_label.name }}
+                {{ edge.edge_label.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -36,7 +37,7 @@
             </div>
             <div id="edge-desc" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
-                    {{ edge.description }}
+                    {{ edge.description|nh_safe }}
                 </div>
             </div>
 
@@ -82,12 +83,12 @@
             <div id="edge-description-smiles" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
                     {% for educt in edge.start_nodes.all %}
-                        <a class="btn btn-default" href="{{ educt.url }}">{{ educt.name }}</a>
+                        <a class="btn btn-default" href="{{ educt.url }}">{{ educt.name|nh_safe }}</a>
                     {% endfor %}
                     <span class="glyphicon glyphicon-arrow-right" style="margin-left:5em;margin-right:5em;"
                           aria-hidden="true"></span>
                     {% for product in edge.end_nodes.all %}
-                        <a class="btn btn-default" href="{{ product.url }}">{{ product.name }}</a>
+                        <a class="btn btn-default" href="{{ product.url }}">{{ product.name|nh_safe }}</a>
                     {% endfor %}
                 </div>
             </div>
@@ -116,7 +117,7 @@
                 <div id="edge-rules" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for r in edge.edge_label.rules.all %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -132,7 +133,7 @@
             <div id="edge-scenario" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
                     {% for s in edge.scenarios.all %}
-                        <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                        <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                     {% endfor %}
                 </div>
             </div>
diff --git a/templates/objects/group.html b/templates/objects/group.html
index dc97057f..8b4c3942 100644
--- a/templates/objects/group.html
+++ b/templates/objects/group.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -11,7 +12,7 @@
 <div class="panel-group" id="package-detail">
     <div class="panel panel-default">
         <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-            {{ group.name }}
+            {{ group.name|nh_safe }}
             <div id="actionsButton"
                  style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                  class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -26,7 +27,7 @@
             </div>
         </div>
         <div class="panel-body">
-            <p> {{ group.description }} </p>
+            <p> {{ group.description|nh_safe }} </p>
         </div>
     </div>
 
@@ -39,10 +40,10 @@
         </div>
         <ul class="list-group">
             {% for um in group.user_member.all %}
-            <a class="list-group-item" href="{{ um.url }}">{{ um.username }}</a>
+            <a class="list-group-item" href="{{ um.url }}">{{ um.username|nh_safe }}</a>
             {% endfor %}
             {% for gm in group.group_member.all %}
-            <a class="list-group-item" href="{{ gm.url }}">{{ gm.name }}</a>
+            <a class="list-group-item" href="{{ gm.url }}">{{ gm.name|nh_safe }}</a>
             {% endfor %}
         </ul>
     </div>
@@ -56,7 +57,7 @@
         </div>
         <ul class="list-group">
             {% for p in packages %}
-            <a class="list-group-item" href="{{ p.url }}">{{ p.name }}</a>
+            <a class="list-group-item" href="{{ p.url }}">{{ p.name|nh_safe }}</a>
             {% endfor %}
         </ul>
     </div>
diff --git a/templates/objects/model.html b/templates/objects/model.html
index b64bee39..84b9ed24 100644
--- a/templates/objects/model.html
+++ b/templates/objects/model.html
@@ -18,7 +18,7 @@
     <div class="panel-group" id="model-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ model.name }}
+                {{ model.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -33,7 +33,7 @@
                 </div>
             </div>
             <div class="panel-body">
-                <p> {{ model.description }} </p>
+                <p> {{ model.description|nh_safe }} </p>
             </div>
             {% if model|classname == 'MLRelativeReasoning' or model|classname == 'RuleBasedRelativeReasoning'%}
                 <!-- Rule Packages -->
@@ -46,7 +46,7 @@
                 <div id="rule-package" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for p in model.rule_packages.all %}
-                            <a class="list-group-item" href="{{ p.url }}">{{ p.name }}</a>
+                            <a class="list-group-item" href="{{ p.url }}">{{ p.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -60,7 +60,7 @@
                 <div id="reaction-package" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for p in model.data_packages.all %}
-                            <a class="list-group-item" href="{{ p.url }}">{{ p.name }}</a>
+                            <a class="list-group-item" href="{{ p.url }}">{{ p.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -75,7 +75,7 @@
                     <div id="eval-package" class="panel-collapse collapse in">
                         <div class="panel-body list-group-item">
                             {% for p in model.eval_packages.all %}
-                                <a class="list-group-item" href="{{ p.url }}">{{ p.name }}</a>
+                                <a class="list-group-item" href="{{ p.url }}">{{ p.name|nh_safe }}</a>
                             {% endfor %}
                         </div>
                     </div>
diff --git a/templates/objects/node.html b/templates/objects/node.html
index 55069fb9..1dc3545a 100644
--- a/templates/objects/node.html
+++ b/templates/objects/node.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -12,7 +13,7 @@
     <div class="panel-group" id="node-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ node.name }}
+                {{ node.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -39,7 +40,7 @@
             </div>
             <div id="node-desc" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
-                    {{ node.description }}
+                    {{ node.description|nh_safe }}
                 </div>
             </div>
 
@@ -98,7 +99,7 @@
                 <div id="node-scenario" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for s in node.scenarios.all %}
-                            <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
diff --git a/templates/objects/package.html b/templates/objects/package.html
index 611dcffc..7398722f 100644
--- a/templates/objects/package.html
+++ b/templates/objects/package.html
@@ -15,7 +15,7 @@
 <div class="panel-group" id="package-detail">
     <div class="panel panel-default">
         <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-            {{ package.name }}
+            {{ package.name|nh_safe }}
             <div id="actionsButton"
                  style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                  class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
diff --git a/templates/objects/pathway.html b/templates/objects/pathway.html
index c7724e60..84707119 100644
--- a/templates/objects/pathway.html
+++ b/templates/objects/pathway.html
@@ -98,7 +98,7 @@
         <div class="panel-group" id="pwAccordion">
             <div class="panel panel-default">
                 <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                    {{ pathway.name }}
+                    {{ pathway.name|nh_safe }}
                 </div>
             </div>
             <div class="panel panel-default panel-heading list-group-item" style="background-color:silver">
@@ -239,7 +239,7 @@
                 <div id="pathway-scenario" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for s in pathway.scenarios.all %}
-                            <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
@@ -269,7 +269,7 @@
                                                 <td colspan="2">
                                                     <li class="list-group-item">
                                                         <a href="{{ pathway.setting.model.url }}">
-                                                            {{ pathway.setting.model.name }}
+                                                            {{ pathway.setting.model.name|nh_safe }}
                                                         </a>
                                                     </li>
                                                 </td>
@@ -302,7 +302,7 @@
                                                     {% for p in pathway.setting.rule_packages.all %}
                                                         <li class="list-group-item">
                                                             <a href="{{ p.url }}">
-                                                                {{ p.name }}
+                                                                {{ p.name|nh_safe }}
                                                             </a>
                                                         </li>
                                                     {% endfor %}
diff --git a/templates/objects/reaction.html b/templates/objects/reaction.html
index 2a026d22..97c9bf3e 100644
--- a/templates/objects/reaction.html
+++ b/templates/objects/reaction.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -14,7 +15,7 @@
     <div class="panel-group" id="reaction-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ reaction.name }}
+                {{ reaction.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -38,7 +39,7 @@
             </div>
             <div id="reaction-desc" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
-                    {{ reaction.description }}
+                    {{ reaction.description|nh_safe }}
                 </div>
             </div>
 
@@ -84,12 +85,12 @@
             <div id="reaction-description-smiles" class="panel-collapse collapse in">
                 <div class="panel-body list-group-item">
                     {% for educt in reaction.educts.all %}
-                        <a class="btn btn-default" href="{{ educt.url }}">{{ educt.name }}</a>
+                        <a class="btn btn-default" href="{{ educt.url }}">{{ educt.name|nh_safe }}</a>
                     {% endfor %}
                     <span class="glyphicon glyphicon-arrow-right" style="margin-left:5em;margin-right:5em;"
                           aria-hidden="true"></span>
                     {% for product in reaction.products.all %}
-                        <a class="btn btn-default" href="{{ product.url }}">{{ product.name }}</a>
+                        <a class="btn btn-default" href="{{ product.url }}">{{ product.name|nh_safe }}</a>
                     {% endfor %}
                 </div>
             </div>
@@ -118,7 +119,7 @@
                 <div id="reaction-rules" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for r in reaction.rules.all %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -135,7 +136,7 @@
                 <div id="reaction-pathway" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for r in reaction.related_pathways %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -151,7 +152,7 @@
                 <div id="reaction-scenario" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for s in reaction.scenarios.all %}
-                            <a class="list-group-item" href="{{ s.url }}">{{ s.name }} <i>({{ s.package.name }})</i></a>
+                            <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }} <i>({{ s.package.name|nh_safe }})</i></a>
                         {% endfor %}
                     </div>
                 </div>
diff --git a/templates/objects/scenario.html b/templates/objects/scenario.html
index d99b61be..8fc7206c 100644
--- a/templates/objects/scenario.html
+++ b/templates/objects/scenario.html
@@ -11,7 +11,7 @@
     <div class="panel-group" id="scenario-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ scenario.name }}
+                {{ scenario.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -31,7 +31,7 @@
     <div class="panel panel-default">
         <div class="panel-heading">Description</div>
         <div class="panel-body">
-            {{ scenario.description }}
+            {{ scenario.description|nh_safe }}
             <br>
             {{ scenario.scenario_type }}
             <br>
diff --git a/templates/objects/simple_rule.html b/templates/objects/simple_rule.html
index cc55d856..a921e50e 100644
--- a/templates/objects/simple_rule.html
+++ b/templates/objects/simple_rule.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -13,7 +14,7 @@
     <div class="panel-group" id="rule-detail">
         <div class="panel panel-default">
             <div class="panel-heading" id="headingPanel" style="font-size:2rem;height: 46px">
-                {{ rule.name }}
+                {{ rule.name|nh_safe }}
                 <div id="actionsButton"
                      style="float: right;font-weight: normal;font-size: medium;position: relative; top: 50%; transform: translateY(-50%);z-index:100;display: none;"
                      class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"
@@ -29,7 +30,7 @@
             </div>
             <div class="panel-body">
                 <p>
-                    {{ rule.description }}
+                    {{ rule.description|nh_safe }}
                 </p>
             </div>
 
@@ -145,7 +146,7 @@
                 <div id="rule-composite-rule" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for cr in rule.parallelrule_set.all %}
-                            <a class="list-group-item" href="{{ cr.url }}">{{ cr.name }}</a>
+                            <a class="list-group-item" href="{{ cr.url }}">{{ cr.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -162,7 +163,7 @@
                 <div id="rule-scenario" class="panel-collapse collapse in">
                     <div class="panel-body list-group-item">
                         {% for s in rule.scenarios.all %}
-                            <a class="list-group-item" href="{{ s.url }}">{{ s.name }}</a>
+                            <a class="list-group-item" href="{{ s.url }}">{{ s.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -179,7 +180,7 @@
                 <div id="rule-reaction" class="panel-collapse collapse">
                     <div class="panel-body list-group-item">
                         {% for r in rule.related_reactions %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
@@ -196,7 +197,7 @@
                 <div id="rule-pathway" class="panel-collapse collapse">
                     <div class="panel-body list-group-item">
                         {% for r in rule.related_pathways %}
-                            <a class="list-group-item" href="{{ r.url }}">{{ r.name }}</a>
+                            <a class="list-group-item" href="{{ r.url }}">{{ r.name|nh_safe }}</a>
                         {% endfor %}
                     </div>
                 </div>
diff --git a/templates/objects/user.html b/templates/objects/user.html
index 1e67898d..b8492860 100644
--- a/templates/objects/user.html
+++ b/templates/objects/user.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -41,7 +42,7 @@
     <div id="default-package" class="panel-collapse collapse in">
         <div class="panel-body list-group-item">
             <li class="list-group-item">
-                <a href="{{ user.default_package.url }}"> {{ user.default_package.name }}</a>
+                <a href="{{ user.default_package.url }}"> {{ user.default_package.name|nh_safe }}</a>
             </li>
         </div>
     </div>
@@ -58,7 +59,7 @@
         <div class="panel-body list-group-item">
             {% for g in meta.available_groups %}
             <li class="list-group-item">
-                <a href="{{ g.url }}"> {{ g.name }}</a>
+                <a href="{{ g.url }}"> {{ g.name|nh_safe }}</a>
             </li>
             {% endfor %}
         </div>
@@ -90,7 +91,7 @@
                                 <td colspan="2">
                                     <li class="list-group-item">
                                         <a href="{{user.default_setting.model.url}}">
-                                            {{ user.default_setting.model.name }}
+                                            {{ user.default_setting.model.name|nh_safe }}
                                         </a>
                                     </li>
                                 </td>
@@ -123,7 +124,7 @@
                                     {% for p in user.default_setting.rule_packages.all %}
                                     <li class="list-group-item">
                                         <a href="{{p.url}}">
-                                            {{ p.name }}
+                                            {{ p.name|nh_safe }}
                                         </a>
                                     </li>
                                     {% endfor %}
diff --git a/templates/pathway_playground2.html b/templates/pathway_playground2.html
index 30152768..29036b99 100644
--- a/templates/pathway_playground2.html
+++ b/templates/pathway_playground2.html
@@ -1,3 +1,4 @@
+{% load envipytags %}
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -18,7 +19,7 @@
 </head>
 <body>
 <p></p>
-{{ pathway.name }}
+{{ pathway.name|nh_safe }}
 <div id="viz">
     <svg width="2000" height="2000"> <!-- Sehr großes SVG für Zoom -->
         <defs>
diff --git a/templates/search.html b/templates/search.html
index 47ea336b..29a33f97 100644
--- a/templates/search.html
+++ b/templates/search.html
@@ -1,4 +1,5 @@
 {% extends "framework.html" %}
+{% load envipytags %}
 {% load static %}
 {% block content %}
 
@@ -11,13 +12,13 @@
                     <option disabled>Reviewed Packages</option>
                 {% endif %}
                 {% for obj in reviewed_objects %}
-                    <option value="{{ obj.url }}" selected>{{ obj.name }}</option>
+                    <option value="{{ obj.url }}" selected>{{ obj.name|nh_safe }}</option>
                 {% endfor %}
                 {% if unreviewed_objects %}
                     <option disabled>Unreviewed Packages</option>
                 {% endif %}
                 {% for obj in unreviewed_objects %}
-                    <option value="{{ obj.url }}">{{ obj.name }}</option>
+                    <option value="{{ obj.url }}">{{ obj.name|nh_safe }}</option>
                 {% endfor %}
             </select>
         </div>