diff --git a/kallithea/lib/helpers.py b/kallithea/lib/helpers.py
--- a/kallithea/lib/helpers.py
+++ b/kallithea/lib/helpers.py
@@ -352,9 +352,9 @@ def pygmentize_annotation(repo_name, fil
     def url_func(repo_name):
 
         def _url_func(changeset):
-            author = changeset.author
+            author = escape(changeset.author)
             date = changeset.date
-            message = tooltip(changeset.message)
+            message = escape(changeset.message)
 
             tooltip_html = ("<div style='font-size:0.8em'><b>Author:</b>"
                             " %s<br/><b>Date:</b> %s</b><br/><b>Message:"
@@ -367,7 +367,7 @@ def pygmentize_annotation(repo_name, fil
                     url('changeset_home', repo_name=repo_name,
                         revision=changeset.raw_id),
                     style=get_color_string(changeset.raw_id),
-                    class_='tooltip',
+                    class_='tooltip safe-html-title',
                     title=tooltip_html
                   )
 
diff --git a/kallithea/public/js/base.js b/kallithea/public/js/base.js
--- a/kallithea/public/js/base.js
+++ b/kallithea/public/js/base.js
@@ -510,25 +510,31 @@ var _init_tooltip = function(){
     _activate_tooltip($('.tooltip'));
 };
 
-var _show_tooltip = function(e, tipText){
+var _show_tooltip = function(e, tipText, safe){
     e.stopImmediatePropagation();
     var el = e.currentTarget;
+    var $el = $(el);
     if(tipText){
         // just use it
     } else if(el.tagName.toLowerCase() === 'img'){
         tipText = el.alt ? el.alt : '';
     } else {
         tipText = el.title ? el.title : '';
+        safe = safe || $el.hasClass("safe-html-title");
     }
 
     if(tipText !== ''){
         // save org title
-        $(el).attr('tt_title', tipText);
+        $el.attr('tt_title', tipText);
         // reset title to not show org tooltips
-        $(el).attr('title', '');
+        $el.attr('title', '');
 
         var $tipBox = $('#tip-box');
-        $tipBox.html(tipText);
+        if (safe) {
+            $tipBox.html(tipText);
+        } else {
+            $tipBox.text(tipText);
+        }
         $tipBox.css('display', 'block');
     }
 };
diff --git a/kallithea/templates/data_table/_dt_elements.html b/kallithea/templates/data_table/_dt_elements.html
--- a/kallithea/templates/data_table/_dt_elements.html
+++ b/kallithea/templates/data_table/_dt_elements.html
@@ -93,7 +93,7 @@
 <%def name="revision(name,rev,tip,author,last_msg)">
   <div>
   %if rev >= 0:
-      <a title="${h.tooltip('%s:\n\n%s' % (author,last_msg))}" class="tooltip revision-link" href="${h.url('changeset_home',repo_name=name,revision=tip)}">${'r%s:%s' % (rev,h.short_id(tip))}</a>
+      <a title="${h.tooltip('%s:\n\n%s' % (author,last_msg))}" class="tooltip revision-link safe-html-title" href="${h.url('changeset_home',repo_name=name,revision=tip)}">${'r%s:%s' % (rev,h.short_id(tip))}</a>
   %else:
       ${_('No changesets yet')}
   %endif