diff --git a/app/views/dossiers/_infos_dossier.html.haml b/app/views/dossiers/_infos_dossier.html.haml
index f607632e6..4d286fec4 100644
--- a/app/views/dossiers/_infos_dossier.html.haml
+++ b/app/views/dossiers/_infos_dossier.html.haml
@@ -52,7 +52,7 @@
 - elsif champ.decorate.value == 'false'
 Non
 - else
- = champ.decorate.value.html_safe
+ = sanitize(champ.decorate.value)
 - if @facade.dossier.mandataire_social && gestionnaire_signed_in?
 .mandataire_social.text-success.center
diff --git a/app/views/dossiers/commentaires/_commentaire.html.haml b/app/views/dossiers/commentaires/_commentaire.html.haml
index b5c928460..7a94c0db6 100644
--- a/app/views/dossiers/commentaires/_commentaire.html.haml
+++ b/app/views/dossiers/commentaires/_commentaire.html.haml
@@ -2,7 +2,7 @@
 .comment-header
 = commentaire.header
 .content
- = commentaire.body.html_safe
+ = sanitize(commentaire.body)
 - if file = commentaire.piece_justificative
 .file
 = link_to file.content_url, class: 'link', target: '_blank' do
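Review bot: `sanitize(champ.decorate.value)` in the `- else` branch still renders whatever markup survives the framework's default allowlist from what appears, as far as this hunk shows, to be a user-entered field value; if that value is not meant to carry HTML, dropping `.html_safe` and letting Rails escape it (`= champ.decorate.value`) is the stricter fix, with `sanitize` reserved for fields where formatted content is expected. Where markup is intended — presumably `commentaire.body` in `_commentaire.html.haml`, which gets the same treatment in the second hunk — an explicit allowlist such as `= sanitize(commentaire.body, tags: %w(p br strong em a), attributes: %w(href))` (example set, adjust to what the product needs) keeps the permitted tags visible in the view and reviewed with it instead of depending on the default. Other views that still render these same fields with `.html_safe` would keep the original issue, which cannot be seen from this diff. The `- else` branch belongs to a conditional that starts outside the hunk.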