diff --git a/app/views/france_connect/particulier/choose_email.html.haml b/app/views/france_connect/particulier/choose_email.html.haml
index 5ca731009..6bf3def08 100644
--- a/app/views/france_connect/particulier/choose_email.html.haml
+++ b/app/views/france_connect/particulier/choose_email.html.haml
@@ -15,7 +15,7 @@
           .fr-radio-group
             = f.radio_button :use_france_connect_email, true, id: 'use_france_connect_email_yes', class: 'fr-radio', required: true, data: { action: "email-france-connect#triggerEmailField", email_france_connect_target: "useFranceConnectEmail" }
             %label.fr-label.fr-text--wrap{ for: 'use_france_connect_email_yes' }
-              = t('.keep_fc_email_html', email: @fci.email_france_connect).html_safe
+              = t('.keep_fc_email_html', email: h(@fci.email_france_connect)).html_safe
         .fr-fieldset__element
           .fr-radio-group
             = f.radio_button :use_france_connect_email, false, id: 'use_france_connect_email_no', class: 'fr-radio', required: true, data: { action: "email-france-connect#triggerEmailField", email_france_connect_target: "useFranceConnectEmail" }
diff --git a/app/views/france_connect/particulier/confirmation_sent.html.haml b/app/views/france_connect/particulier/confirmation_sent.html.haml
index dcd907b61..f81684326 100644
--- a/app/views/france_connect/particulier/confirmation_sent.html.haml
+++ b/app/views/france_connect/particulier/confirmation_sent.html.haml
@@ -6,7 +6,7 @@
 
     = render Dsfr::AlertComponent.new(title: '', state: :info, heading_level: 'h2', extra_class_names: 'fr-mt-6w fr-mb-3w') do |c|
       - c.with_body do
-        %p= t('.intro_html', email: email).html_safe
+        %p= t('.intro_html', email: h(email)).html_safe
         %p= t('.click_the_link_in_the_email')
 
     %p.center= link_to t('.continue'), destination_path, class: 'fr-btn'
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index f51fbe328..5e1b235ea 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -950,7 +950,7 @@ fr:
           wanna_say: 'Voulez-vous dire ?'
       confirmation_sent:
         confirmation_sent_by_email: Confirmez votre email
-        intro_html: Un mail de confirmation a été envoyé à votre adresse <span class='fr-badge fr-badge--info fr-badge--sm'>%{email}</span>
+        intro_html: "Un mail de confirmation a été envoyé à votre adresse <span class='fr-badge fr-badge--info fr-badge--sm'>%{email}</span>"
         click_the_link_in_the_email: Vous devez impérativement cliquer sur le lien du mail pour activer votre adresse et recevoir les notifications sur l'avancement de vos dossiers.
         continue: Continuer
       merge:
diff --git a/db/migrate/20240730130933_add_alternative_email_column_to_france_connect_information_table.rb b/db/migrate/20240730130933_add_alternative_email_column_to_france_connect_information_table.rb
index 0ff086128..8f0ca39c1 100644
--- a/db/migrate/20240730130933_add_alternative_email_column_to_france_connect_information_table.rb
+++ b/db/migrate/20240730130933_add_alternative_email_column_to_france_connect_information_table.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddAlternativeEmailColumnToFranceConnectInformationTable < ActiveRecord::Migration[7.0]
   def change
     add_column :france_connect_informations, :requested_email, :string