diff --git a/gogs.go b/gogs.go
index de4972567..bc6379ac8 100644
--- a/gogs.go
+++ b/gogs.go
@@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.9.148.0215"
+const APP_VER = "0.9.149.0215"
 
 func init() {
 	setting.AppVer = APP_VER
diff --git a/modules/template/template.go b/modules/template/template.go
index d5d9804df..f7ce7dca7 100644
--- a/modules/template/template.go
+++ b/modules/template/template.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/microcosm-cc/bluemonday"
 	"golang.org/x/net/html/charset"
 	"golang.org/x/text/transform"
 	log "gopkg.in/clog.v1"
@@ -60,6 +61,7 @@ func NewFuncMap() []template.FuncMap {
 		},
 		"AvatarLink":   base.AvatarLink,
 		"Safe":         Safe,
+		"Sanitize":     bluemonday.UGCPolicy().Sanitize,
 		"Str2html":     Str2html,
 		"TimeSince":    base.TimeSince,
 		"RawTimeSince": base.RawTimeSince,
diff --git a/templates/.VERSION b/templates/.VERSION
index e06bbb892..b176a3f47 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.9.148.0215
\ No newline at end of file
+0.9.149.0215
\ No newline at end of file
diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl
index 1c0641943..657c2929b 100644
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@@ -1,6 +1,7 @@
 {{template "base/head" .}}
 <div class="repository wiki view">
 	{{template "repo/header" .}}
+	{{ $title := .title | Sanitize}}
 	<div class="ui container">
 		<div class="ui grid">
 			<div class="ui ten wide column">
@@ -9,7 +10,7 @@
 						<div class="ui basic small button">
 							<span class="text">
 								{{.i18n.Tr "repo.wiki.page"}}:
-								<strong>{{.title}}</strong>
+								<strong>{{$title}}</strong>
 							</span>
 							<i class="dropdown icon"></i>
 						</div>
@@ -20,7 +21,7 @@
 							</div>
 							<div class="scrolling menu">
 								{{range .Pages}}
-									<div class="item {{if eq $.Title .Name}}selected{{end}}" data-url="{{$.RepoLink}}/wiki/{{.URL}}">{{.Name}}</div>
+									<div class="item {{if eq $.Title .Name}}selected{{end}}" data-url="{{$.RepoLink}}/wiki/{{.URL}}">{{.Name | Sanitize}}</div>
 								{{end}}
 							</div>
 						</div>
@@ -47,7 +48,7 @@
 			</div>
 		</div>
 		<div class="ui dividing header">
-			{{.title}}
+			{{$title}}
 			{{if and .IsRepositoryWriter (not .Repository.IsMirror)}}
 				<div class="ui right">
 					<a class="ui small button" href="{{.RepoLink}}/wiki/{{EscapePound .PageURL}}/_edit">{{.i18n.Tr "repo.wiki.edit_page_button"}}</a>
@@ -72,7 +73,7 @@
 		{{.i18n.Tr "repo.wiki.delete_page_button"}}
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.wiki.delete_page_notice_1" .title | Safe}}</p>
+		<p>{{.i18n.Tr "repo.wiki.delete_page_notice_1" $title | Safe}}</p>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>