diff --git a/app/models/application_record.rb b/app/models/application_record.rb
index 00e1dc91b6..0059011d4d 100644
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -8,4 +8,10 @@ class ApplicationRecord < ActiveRecord::Base
   self.abstract_class = true
 
+  def sanitize_fields(*attrs)
+    attrs.each do |attr|
+      send("#{attr}=", ActionController::Base.helpers.sanitize(send(attr)))
+    end
+  end
+
 
 end
diff --git a/app/models/plan.rb b/app/models/plan.rb
index 718bf9810d..ddbf275cd8 100644
--- a/app/models/plan.rb
+++ b/app/models/plan.rb
@@ -203,6 +203,15 @@ class Plan < ApplicationRecord
   end
   alias super_settings settings
 
+  # =============
+  # = Callbacks =
+  # =============
+
+  # sanitise html tags e.g remove unwanted 'script'
+  before_validation lambda { |data|
+    data.sanitize_fields(:title, :identifier, :description)
+  }
+
   # =================
   # = Class methods =
   # =================
@@ -227,7 +236,7 @@ def self.load_for_phase(plan_id, phase_id)
   # Returns Plan
   def self.deep_copy(plan)
     plan_copy = plan.dup
-    plan_copy.title = "Copy of " + plan.title
+    plan_copy.title = "Copy of #{plan.title}"
     plan_copy.feedback_requested = false
     plan_copy.save!
     plan.answers.each do |answer|
diff --git a/app/models/user.rb b/app/models/user.rb
index f5995c996e..ff4ac5043a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -160,6 +160,9 @@ class User < ApplicationRecord
   # = Callbacks =
   # =============
 
+  # sanitise html tags from fields
+  before_validation ->(data) { data.sanitize_fields(:firstname, :surname) }
+
   after_update :clear_department_id, if: :saved_change_to_org_id?
   after_update :delete_perms!, if: :saved_change_to_org_id?, unless: :can_change_org?
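Review bot: `sanitize` in `sanitize_fields` is the safe-list HTML sanitizer, so besides dropping `<script>` it re-serializes the value as HTML: a title like `Smith & Sons` is written back to the column as `Smith &amp; Sons` (and a literal `<` as `&lt;`), which every non-HTML reader of these columns — JSON or CSV export, plain-text mail, search — then sees entity-encoded; the same applies to the callers added in plan.rb and user.rb. For fields that are plain text rather than rich text, `ActionController::Base.helpers.strip_tags` (the full sanitizer) is the narrower choice, and in either case the stored value still goes through normal output escaping in views — this callback is defence in depth, not a replacement for it. Two smaller points in the loop body: `send` can reach private writers, and as far as I can tell the sanitizer tolerates `nil` but raises on non-String values, so `value = public_send(attr)`, `next unless value.is_a?(String)`, `public_send("#{attr}=", ActionController::Base.helpers.sanitize(value))` keeps the helper safe for an abstract base class every model inherits. A short doc comment stating the contract would also help, e.g. `# Runs the HTML safe-list sanitizer over the named String attributes in place; attrs are developer-supplied attribute names, never request input.`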
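Review bot: The new callback is a `before_validation`, so the sanitizer only runs on write paths that validate — `update_column(s)`, `update_attribute`, `save(validate: false)` and `insert_all`/`upsert_all` store these columns untouched, which is worth stating in the comment so nobody treats the stored value as guaranteed clean: `# Sanitised on validation only; writes that skip validation bypass this.` The same caveat applies to the user.rb callback. Style-wise, the multi-line `lambda { |data| ... }` differs from the `->(data) { ... }` form used in user.rb, and a named callback is the usual Rails idiom: `before_validation :sanitize_text_fields` plus a `private` method `def sanitize_text_fields; sanitize_fields(:title, :identifier, :description); end`. `identifier` is also in the list — if it is compared elsewhere as an exact key, entity-encoding an `&` in it would change how it matches, so that is worth confirming.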
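Review bot: Point of style in the new `before_validation` line: the block parameter is the record itself, so `->(user) { user.sanitize_fields(:firstname, :surname) }` reads better than `data`, and a named private method would remove the lambda altogether. The comment `# sanitise html tags from fields` could name what is kept rather than what is removed, e.g. `# Strip/whitelist HTML in the free-text name fields before validation runs.`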