diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -1026,6 +1026,11 @@ class UserApiKeys(Base, BaseModel): data['auth_token'] = self.token_obfuscated return data + @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.description) + @property def expired(self): if self.expires == -1: @@ -1111,6 +1116,11 @@ class UserIpMap(Base, BaseModel): description = Column("description", String(10000), nullable=True, unique=None, default=None) user = relationship('User', lazy='joined') + @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.description) + @classmethod def _get_ip_range(cls, ip_addr): net = ipaddress.ip_network(ip_addr, strict=False) @@ -1199,6 +1209,11 @@ class UserGroup(Base, BaseModel): user = relationship('User') @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.description) + + @hybrid_property def group_data(self): if not self._group_data: return {} @@ -1496,6 +1511,11 @@ class Repository(Base, BaseModel): safe_unicode(self.repo_name)) @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.description) + + @hybrid_property def landing_rev(self): # always should return [rev_type, rev] if self._landing_revision: @@ -1805,7 +1825,7 @@ class Repository(Base, BaseModel): 'url': RepoModel().get_url(self), 'private': repo.private, 'created_on': repo.created_on, - 'description': repo.description, + 'description': repo.description_safe, 'landing_rev': repo.landing_rev, 'owner': repo.user.username, 'fork_of': repo.fork.repo_name if repo.fork else None, 
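Review bot: `description_safe` on `UserApiKeys` is declared `@hybrid_property`, yet `h.escape(self.description)` is plain Python string escaping with no SQL-expression counterpart; accessed on the class (`UserApiKeys.description_safe`) the getter receives the class and would hand the column attribute to `h.escape`, producing an escaped repr string rather than anything usable in a query. A plain `@property` states the intent and does not suggest the value can be filtered on. The function-scope `from rhodecode.lib import helpers as h` presumably works around a circular import between the model and the helpers module; a one-line comment such as `# local import: rhodecode.lib.helpers imports the model` would stop the next reader from hoisting it. The same pattern recurs in every other `description_safe` hunk of this file.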
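Review bot: `UserIpMap.description` is declared `nullable=True` two lines above the new property, so `description_safe` can be asked to escape `None`; if `h.escape` is markupsafe's `escape` or a thin wrapper over it, that yields the literal text `None` instead of an empty string, which would then surface in the IP whitelist UI. `return h.escape(self.description or '')` keeps the output encoding and renders unset descriptions as empty. The other `description_safe` properties whose columns may also be nullable deserve the same guard, but their column definitions are not visible in this change.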
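Review bot: The new `Repository.description_safe` has no docstring, and the name alone does not say which sink it is safe for: the value is HTML-escaped, so it is right for HTML templates and wrong for plain-text or JSON consumers, where the entities leak through as literal `&lt;` and `&amp;`. A docstring such as `"""Repository description HTML-escaped for template output; use ``description`` for non-HTML sinks."""` would make that contract explicit at the definition most callers in this change reach for. The enclosing class continues outside the hunk.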
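Review bot: Returning `repo.description_safe` from `get_api_data` moves HTML output encoding into the API data layer: JSON-RPC clients now receive `&lt;`/`&amp;` entities in `description`, non-HTML consumers display them verbatim, and a web client that already escapes on render will double-encode them, because any `Markup` marker `h.escape` may attach does not survive JSON serialisation. Escaping belongs at the HTML sink — the templates that render `description` — with the API continuing to return the stored value; otherwise this is an API contract change that clients need to be told about. If escaping is to stay here, the line should at least carry `# NOTE: HTML-escaped; API consumers receive entities`. `get_api_data` begins outside the hunk.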
@@ -2204,8 +2224,13 @@ class RepoGroup(Base, BaseModel): self.parent_group = parent_group def __unicode__(self): - return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id, - self.group_name) + return u"<%s('id:%s:%s')>" % ( + self.__class__.__name__, self.group_id, self.group_name) + + @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.group_description) @classmethod def _generate_choice(cls, repo_group): @@ -2436,7 +2461,7 @@ class RepoGroup(Base, BaseModel): data = { 'group_id': group.group_id, 'group_name': group.group_name, - 'group_description': group.group_description, + 'group_description': group.description_safe, 'parent_group': group.parent_group.group_name if group.parent_group else None, 'repositories': [x.repo_name for x in group.repositories], 'owner': group.user.username, @@ -3303,6 +3328,11 @@ class _PullRequestBase(BaseModel): return json.dumps(self.reviewer_data) @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.description) + + @hybrid_property def revisions(self): return self._revisions.split(':') if self._revisions else [] @@ -3739,6 +3769,11 @@ class Gist(Base, BaseModel): def __repr__(self): return '' % (self.gist_type, self.gist_access_id) + @hybrid_property + def description_safe(self): + from rhodecode.lib import helpers as h + return h.escape(self.gist_description) + @classmethod def get_or_404(cls, id_, pyramid_exc=False): diff --git a/rhodecode/model/pull_request.py b/rhodecode/model/pull_request.py --- a/rhodecode/model/pull_request.py +++ b/rhodecode/model/pull_request.py @@ -1295,7 +1295,7 @@ class PullRequestModel(BaseModel): 'lastname': repo.user.last_name, 'gravatar_link': h.gravatar_url(repo.user.email, 14), }, - 'description': h.chop_at_smart(repo.description, '\n'), + 'description': h.chop_at_smart(repo.description_safe, '\n'), 'refs': { 'all_refs': all_refs, 'selected_ref': selected_ref, 
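Review bot: The `__unicode__` reflow at the top of this hunk is a pure formatting change bundled into an escaping fix, which makes the security-relevant lines harder to audit and to backport; it belongs in a separate cosmetic commit. `RepoGroup.description_safe` also reads `self.group_description`, whereas the sibling properties read `self.description`, so the shared name hides a different backing column — a comment like `# RepoGroup keeps its description in group_description` above the return would save the next reader a lookup. The enclosing class continues outside the hunk.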
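Review bot: `h.chop_at_smart(repo.description_safe, '\n')` places an HTML-escaped string into a dict that, judging by the sibling `gravatar_link` and `refs` keys, is handed to client-side code; whether escaping here is correct depends on how that code inserts the value — via `innerHTML`/`.html()` it is required, via `textContent`/`.text()` it shows `&amp;` and `&lt;` literally. The sink is not visible in this hunk, so please confirm which it is and record it next to the line, e.g. `# HTML-escaped: the PR source selector inserts this as HTML`. If the client inserts text, the stored `repo.description` is the right value and escaping must stay on the JavaScript side. The enclosing method starts outside the hunk.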
diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py --- a/rhodecode/model/repo.py +++ b/rhodecode/model/repo.py @@ -257,7 +257,7 @@ class RepoModel(BaseModel): "last_changeset": last_rev(repo.repo_name, cs_cache), "last_changeset_raw": cs_cache.get('revision'), - "desc": desc(repo.description), + "desc": desc(repo.description_safe), "owner": user_profile(repo.user.username), "state": state(repo.repo_state), diff --git a/rhodecode/model/repo_group.py b/rhodecode/model/repo_group.py --- a/rhodecode/model/repo_group.py +++ b/rhodecode/model/repo_group.py @@ -711,7 +711,7 @@ class RepoGroupModel(BaseModel): "menu": quick_menu(group.group_name), "name": repo_group_lnk(group.group_name), "name_raw": group.group_name, - "desc": desc(group.group_description, group.personal), + "desc": desc(group.description_safe, group.personal), "top_level_repos": 0, "owner": user_profile(group.user.username) }
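Review bot: The fix at `desc(repo.description_safe)` is only as strong as the `desc` helper defined above the hunk, which is not visible here; escaping before it is fine if `desc` merely formats and marks its own output with `h.literal()`, but any `literal()` applied to text still derived from the raw `repo.description` elsewhere in that helper would reopen the hole. A regression test that stores a description such as `<img src=x onerror=alert(1)>` and asserts the rendered data-grid `desc` cell contains `&lt;img` and no `<img` would pin the fix for this call and for the `repo_group.py` counterpart in the next hunk. The enclosing method starts outside the hunk.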