diff --git a/rhodecode/controllers/changelog.py b/rhodecode/controllers/changelog.py
--- a/rhodecode/controllers/changelog.py
+++ b/rhodecode/controllers/changelog.py
@@ -39,7 +39,7 @@ from rhodecode.lib.compat import json
 from rhodecode.lib.graphmod import _colored, _dagwalker
 from rhodecode.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError,\
     ChangesetError, NodeDoesNotExistError, EmptyRepositoryError
-from rhodecode.lib.utils2 import safe_int
+from rhodecode.lib.utils2 import safe_int, safe_str
 
 
 log = logging.getLogger(__name__)
@@ -91,7 +91,7 @@ class ChangelogController(BaseRepoContro
 
         except RepositoryError, e:
             log.error(traceback.format_exc())
-            h.flash(str(e), category='warning')
+            h.flash(safe_str(e), category='warning')
             if not partial:
                 redirect(h.url('changelog_home', repo_name=repo.repo_name))
             raise HTTPBadRequest()
@@ -158,7 +158,7 @@ class ChangelogController(BaseRepoContro
                         cs = self.__get_cs_or_redirect(revision, repo_name)
                         collection = cs.get_file_history(f_path)
                     except RepositoryError, e:
-                        h.flash(str(e), category='warning')
+                        h.flash(safe_str(e), category='warning')
                         redirect(h.url('changelog_home', repo_name=repo_name))
                 collection = list(reversed(collection))
             else:
@@ -173,11 +173,11 @@ class ChangelogController(BaseRepoContro
             c.comments = c.rhodecode_db_repo.get_comments(page_revisions)
             c.statuses = c.rhodecode_db_repo.statuses(page_revisions)
         except (EmptyRepositoryError), e:
-            h.flash(str(e), category='warning')
+            h.flash(safe_str(e), category='warning')
             return redirect(url('summary_home', repo_name=c.repo_name))
         except (RepositoryError, ChangesetDoesNotExistError, Exception), e:
             log.error(traceback.format_exc())
-            h.flash(str(e), category='error')
+            h.flash(safe_str(e), category='error')
             return redirect(url('changelog_home', repo_name=c.repo_name))
 
         c.branch_name = branch_name
diff --git a/rhodecode/controllers/changeset.py b/rhodecode/controllers/changeset.py
--- a/rhodecode/controllers/changeset.py
+++ b/rhodecode/controllers/changeset.py
@@ -51,7 +51,7 @@ from rhodecode.model.repo import RepoMod
 from rhodecode.lib.diffs import LimitedDiffContainer
 from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
 from rhodecode.lib.vcs.backends.base import EmptyChangeset
-from rhodecode.lib.utils2 import safe_unicode
+from rhodecode.lib.utils2 import safe_unicode, safe_str
 
 log = logging.getLogger(__name__)
 
@@ -201,7 +201,7 @@ class ChangesetController(BaseRepoContro
 
         except (RepositoryError, ChangesetDoesNotExistError, Exception), e:
             log.error(traceback.format_exc())
-            h.flash(str(e), category='error')
+            h.flash(safe_str(e), category='error')
             raise HTTPNotFound()
 
         c.changes = OrderedDict()
diff --git a/rhodecode/controllers/compare.py b/rhodecode/controllers/compare.py
--- a/rhodecode/controllers/compare.py
+++ b/rhodecode/controllers/compare.py
@@ -28,7 +28,7 @@ import logging
 import traceback
 import re
 
-from webob.exc import HTTPNotFound
+from webob.exc import HTTPNotFound, HTTPBadRequest
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
@@ -40,9 +40,8 @@ from rhodecode.lib import helpers as h
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib import diffs
-
+from rhodecode.lib.utils2 import safe_str
 from rhodecode.model.db import Repository
-from webob.exc import HTTPBadRequest
 from rhodecode.lib.diffs import LimitedDiffContainer
 
 
@@ -91,7 +90,7 @@ class CompareController(BaseRepoControll
 
         except RepositoryError, e:
             log.error(traceback.format_exc())
-            h.flash(str(e), category='warning')
+            h.flash(safe_str(e), category='warning')
             if not partial:
                 redirect(h.url('summary_home', repo_name=repo.repo_name))
             raise HTTPBadRequest()
diff --git a/rhodecode/controllers/files.py b/rhodecode/controllers/files.py
--- a/rhodecode/controllers/files.py
+++ b/rhodecode/controllers/files.py
@@ -92,7 +92,7 @@ class FilesController(BaseRepoController
             redirect(h.url('summary_home', repo_name=repo_name))
 
         except RepositoryError, e:  # including ChangesetDoesNotExistError
-            h.flash(str(e), category='error')
+            h.flash(safe_str(e), category='error')
             raise HTTPNotFound()
 
     def __get_filenode_or_redirect(self, repo_name, cs, path):
@@ -110,7 +110,7 @@ class FilesController(BaseRepoController
             if file_node.is_dir():
                 raise RepositoryError('given path is a directory')
         except RepositoryError, e:
-            h.flash(str(e), category='error')
+            h.flash(safe_str(e), category='error')
             raise HTTPNotFound()
 
         return file_node
@@ -175,7 +175,7 @@ class FilesController(BaseRepoController
             else:
                 c.authors = c.file_history = []
         except RepositoryError, e:
-            h.flash(str(e), category='error')
+            h.flash(safe_str(e), category='error')
             raise HTTPNotFound()
 
         if request.environ.get('HTTP_X_PARTIAL_XHR'):