diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 8024a5419e..8618d4a49f 100644
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -32,4 +32,4 @@ $output = array();
 foreach($events as $event){
 	$output = array_merge($output, OC_Calendar_App::generateEventOutput($event, $start, $end));
 }
-OCP\JSON::encodedPrint($output);
+OCP\JSON::encodedPrint(OCP\Util::sanitizeHTML($output));
diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index 6e0ff580b1..bc012a68c4 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -824,7 +824,7 @@ $(document).ready(function(){
 		eventDrop: Calendar.UI.moveEvent,
 		eventResize: Calendar.UI.resizeEvent,
 		eventRender: function(event, element) {
-			element.find('.fc-event-title').html(element.find('.fc-event-title').text());
+			element.find('.fc-event-title').html(element.find('.fc-event-title').html());
 			element.tipsy({
 				className: 'tipsy-event',
 				opacity: 0.9,
diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index 9e4806227b..4212bf5a32 100644
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -600,8 +600,8 @@ class OC_Calendar_Object{
 
 	public static function updateVCalendarFromRequest($request, $vcalendar)
 	{
-		$title = strip_tags($request["title"]);
-		$location = strip_tags($request["location"]);
+		$title = $request["title"];
+		$location = $request["location"];
 		$categories = $request["categories"];
 		$allday = isset($request["allday"]);
 		$from = $request["from"];
@@ -611,7 +611,7 @@ class OC_Calendar_Object{
 			$totime = $request['totime'];
 		}
 		$vevent = $vcalendar->VEVENT;
-		$description = strip_tags($request["description"]);
+		$description = $request["description"];
 		$repeat = $request["repeat"];
 		if($repeat != 'doesnotrepeat'){
 			$rrule = '';