diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php
index b1da78e1..5b79fea0 100644
--- a/src/mibew/libs/chat.php
+++ b/src/mibew/libs/chat.php
@@ -697,7 +697,7 @@ function chat_start_for_user(
 Thread::KIND_FOR_AGENT,
 getlocal(
 'Visitor accepted invitation from operator {0}',
- array($operator_name),
+ array(safe_htmlspecialchars($operator_name)),
 get_current_locale(),
 true
 )
@@ -706,7 +706,7 @@ function chat_start_for_user(
 if ($referrer) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
+ getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
 );
 }
 if ($requested_operator && !$requested_operator_online) {
@@ -714,7 +714,7 @@ function chat_start_for_user(
 Thread::KIND_INFO,
 getlocal(
 'Thank you for contacting us. We are sorry, but requested operator {0} is offline. Another operator will be with you shortly.',
- array(get_operator_name($requested_operator)),
+ array(safe_htmlspecialchars(get_operator_name($requested_operator))),
 get_current_locale(),
 true
 )
@@ -731,7 +731,7 @@ function chat_start_for_user(
 if ($info) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('Info: {0}', array($info), get_current_locale(), true)
+ getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
 );
 }
 
diff --git a/src/mibew/libs/classes/Mibew/Controller/ButtonController.php b/src/mibew/libs/classes/Mibew/Controller/ButtonController.php
index c8828a65..6ec0bc03 100644
--- a/src/mibew/libs/classes/Mibew/Controller/ButtonController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/ButtonController.php
@@ -50,7 +50,7 @@ class ButtonController extends AbstractController
 if ($thread && $thread->state != Thread::STATE_CLOSED) {
 $msg = getlocal(
 "Visitor navigated to {0}",
- array($referer),
+ array(safe_htmlspecialchars($referer)),
 $thread->locale,
 true
 );
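Review bot: Escaping is applied by hand at each `getlocal()` call, starting with `array(safe_htmlspecialchars($operator_name))` in the `@@ -697` hunk of chat.php, so the protection depends on every present and future call site remembering it. The same pattern repeats in the other chat.php hunks and in ButtonController, RedirectController, ThreadProcessor, Thread and invitation.php. A single helper that escapes every substitution before formatting, built around `getlocal($text, array_map('safe_htmlspecialchars', $params), $locale, true)`, would keep the rule in one place. `chat_start_for_user` begins and ends outside these hunks, so whether other unescaped `getlocal()` arguments remain in it cannot be told from here.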
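Review bot: The call `array(safe_htmlspecialchars($referer))` in the ButtonController hunk carries no comment saying why the value is escaped before it is placed in the message. `$referer` is assigned outside the hunk and appears to come from the visitor's request, which would make it untrusted text that ends up in the operator's view. A one-line comment above `$msg = getlocal(` such as `// $referer is visitor-supplied; escape it because system messages are output as HTML` would keep a later refactor from dropping the call, assuming that is indeed how these messages are rendered.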
diff --git a/src/mibew/libs/classes/Mibew/Controller/Chat/RedirectController.php b/src/mibew/libs/classes/Mibew/Controller/Chat/RedirectController.php
index 96bb88a2..36ca0bdd 100644
--- a/src/mibew/libs/classes/Mibew/Controller/Chat/RedirectController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/Chat/RedirectController.php
@@ -181,7 +181,7 @@ class RedirectController extends AbstractController
 Thread::KIND_EVENTS,
 getlocal(
 'Operator {0} redirected you to another operator. Please wait a while.',
- array(get_operator_name($this->getOperator())),
+ array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
 $thread->locale,
 true
 )
@@ -235,7 +235,7 @@ class RedirectController extends AbstractController
 Thread::KIND_EVENTS,
 getlocal(
 'Operator {0} redirected you to another operator. Please wait a while.',
- array(get_operator_name($this->getOperator())),
+ array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
 $thread->locale,
 true
 )
diff --git a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
index 7f930229..b281ece7 100644
--- a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
+++ b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
@@ -671,7 +671,7 @@ class ThreadProcessor extends ClientSideProcessor implements
 if ($email) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
+ getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
 );
 }
 
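Review bot: The `@@ -181` and `@@ -235` hunks of RedirectController apply the identical change to two identical `getlocal('Operator {0} redirected you to another operator. Please wait a while.', …)` calls, which suggests the message should be built in one place. A small private method that returns the formatted string, called from both sites, would mean the escaping of `get_operator_name($this->getOperator())` cannot drift between the two redirect paths. Both enclosing methods start and end outside the hunks, so any other differences between the two paths are not visible here.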
@@ -790,19 +790,19 @@ class ThreadProcessor extends ClientSideProcessor implements
 if ($referrer) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
+ getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
 );
 }
 if ($email) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
+ getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
 );
 }
 if ($info) {
 $thread->postMessage(
 Thread::KIND_FOR_AGENT,
- getlocal('Info: {0}', array($info), get_current_locale(), true)
+ getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
 );
 }
 $thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));
diff --git a/src/mibew/libs/classes/Mibew/Thread.php b/src/mibew/libs/classes/Mibew/Thread.php
index 8132cc89..0d5ccfb9 100644
--- a/src/mibew/libs/classes/Mibew/Thread.php
+++ b/src/mibew/libs/classes/Mibew/Thread.php
@@ -758,14 +758,14 @@ class Thread
 if ($this->nextAgent == $operator['operatorid']) {
 $message_to_post = getlocal(
 "Operator {0} changed operator {1}",
- array($operator_name, $this->agentName),
+ array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
 $this->locale,
 true
 );
 } else {
 $message_to_post = getlocal(
 "Operator {0} is back",
- array($operator_name),
+ array(safe_htmlspecialchars($operator_name)),
 $this->locale,
 true
 );
@@ -926,7 +926,7 @@ class Thread
 self::KIND_EVENTS,
 getlocal(
 "Visitor {0} left the chat",
- array($this->userName),
+ array(safe_htmlspecialchars($this->userName)),
 $this->locale,
 true
 )
@@ -947,7 +947,7 @@ class Thread
 self::KIND_EVENTS,
 getlocal(
 "Operator {0} left the chat",
- array($this->agentName),
+ array(safe_htmlspecialchars($this->agentName)),
 $this->locale,
 true
 )
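Review bot: In the `@@ -790` hunk of ThreadProcessor the three `KIND_FOR_AGENT` messages are now stored with `$referrer`, `$email` and `$info` already HTML-escaped, while the last context line still posts `$message` raw via `postMessage(Thread::KIND_USER, $message, …)`, so one function stores text under two conventions. If user messages are escaped on output and system messages are not, that contract deserves a comment here, e.g. `// System messages are output as HTML: escape substitutions at post time; KIND_USER is escaped on output`. It is also worth confirming that no consumer reading stored messages as plain text will now show entities such as `&amp;`, and that no renderer escapes them a second time. The `@@ -671` hunk in this file has the same shape.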
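Review bot: In the `@@ -758` hunk of Thread.php `safe_htmlspecialchars($operator_name)` is called separately in each branch of the `if`/`else`, and again in all three branches of the `@@ -1025` hunk. Escaping once before the branch, `$safe_operator_name = safe_htmlspecialchars($operator_name);`, and passing that variable to each `getlocal()` call would make it harder to add a new branch that forgets the call. `$operator_name` is assigned outside both hunks, so the right place for that line is not visible here.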
@@ -1025,21 +1025,21 @@ class Thread
 if ($is_operator_changed) {
 $message = getlocal(
 "Operator {0} changed operator {1}",
- array($operator_name, $this->agentName),
+ array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
 $this->locale,
 true
 );
 } elseif ($is_operator_joined) {
 $message = getlocal(
 "Operator {0} joined the chat",
- array($operator_name),
+ array(safe_htmlspecialchars($operator_name)),
 $this->locale,
 true
 );
 } elseif ($is_operator_back) {
 $message = getlocal(
 "Operator {0} is back",
- array($operator_name),
+ array(safe_htmlspecialchars($operator_name)),
 $this->locale,
 true
 );
@@ -1083,7 +1083,7 @@ class Thread
 // Send message about renaming
 $message = getlocal(
 "The visitor changed their name {0} to {1}",
- array($old_name, $new_name),
+ array(safe_htmlspecialchars($old_name), safe_htmlspecialchars($new_name)),
 $this->locale,
 true
 );
diff --git a/src/mibew/libs/invitation.php b/src/mibew/libs/invitation.php
index aac10f84..ca5ba69c 100644
--- a/src/mibew/libs/invitation.php
+++ b/src/mibew/libs/invitation.php
@@ -125,7 +125,7 @@ function invitation_invite($visitor_id, $operator)
 Thread::KIND_FOR_AGENT,
 getlocal(
 'Operator {0} invites visitor at {1} page',
- array($operator_name, $last_visited_page),
+ array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($last_visited_page)),
 get_current_locale(),
 true
 )
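Review bot: The rename message in the `@@ -1083` hunk of Thread.php now escapes `$old_name` and `$new_name`, which by the message text are names the visitor chooses, yet no test covering this is visible in the diff. A regression test that renames a visitor to a string containing `<` and `&` and asserts that the posted message holds no raw markup would pin the behaviour. The same kind of test would cover `$this->userName` in the `@@ -926` hunk. The enclosing method starts and ends outside the hunk.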