diff --git a/.gitignore b/.gitignore index bc06f83d..00f68918 100644 --- a/.gitignore +++ b/.gitignore @@ -44,11 +44,6 @@ vendor/cache # Acts as Indexed index/**/* -# Refinery Specific -*.tmproj -*.autobackupbyrefinery.* -refinerycms-*.gem - # Mac .DS_Store @@ -96,3 +91,6 @@ vendor/extensions/**/spec/dummy # exuberant-ctags tags + +# session secret +config/initializers/secret_token.rb diff --git a/Gemfile b/Gemfile index e39b383e..fd2b1722 100644 --- a/Gemfile +++ b/Gemfile @@ -78,4 +78,7 @@ group :development do gem 'guard-minitest' gem 'quiet_assets' gem 'webrick', '>= 1.3.1' + # Security checks + gem 'brakeman', require: false + gem 'guard-brakeman' end diff --git a/Gemfile.lock b/Gemfile.lock index 4a10141a..e81a2629 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,7 +7,7 @@ GIT GIT remote: git://github.com/gregbell/active_admin.git - revision: 3d7605f82706c8e107852f44c61ba6d8e9f2100d + revision: 4f445b51c22b12af2cdde57fe2ce9835c32ef88e specs: activeadmin (1.0.0.pre) arbre (~> 1.0) @@ -65,6 +65,17 @@ GEM bourbon (3.2.3) sass (~> 3.2) thor + brakeman (2.6.0) + erubis (~> 2.6) + fastercsv (~> 1.5) + haml (>= 3.0, < 5.0) + highline (~> 1.6.20) + multi_json (~> 1.2) + ruby2ruby (~> 2.0.5) + ruby_parser (~> 3.5.0) + sass (~> 3.0) + slim (>= 1.3.6, < 3.0) + terminal-table (~> 1.4) builder (3.2.2) celluloid (0.15.2) timers (~> 1.1.0) @@ -99,7 +110,8 @@ GEM activemodel erubis (2.7.0) eventmachine (1.0.3) - execjs (2.1.0) + execjs (2.2.0) + fastercsv (1.5.5) ffi (1.9.3) font-awesome-rails (4.1.0.0) railties (>= 3.2, < 5.0) @@ -114,6 +126,9 @@ GEM lumberjack (~> 1.0) pry (>= 0.9.12) thor (>= 0.18.1) + guard-brakeman (0.8.1) + brakeman (>= 2.1.1) + guard (>= 1.1.0) guard-bundler (2.0.0) bundler (~> 1.0) guard (~> 2.2) 
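Review bot: Adding `config/initializers/secret_token.rb` to .gitignore only prevents future commits of that file; if it was ever tracked, the old token is still in history and should be rotated (the hunk does not show whether it was). Existing clones and deploy checkouts that already hold a committed copy keep it too. A one-line comment above the entry would make the intent survive the next cleanup: `# per-environment secret, generated on deploy — never commit`.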
@@ -134,13 +149,14 @@ GEM has_scope (0.6.0.rc) actionpack (>= 3.2, < 5) activesupport (>= 3.2, < 5) + highline (1.6.21) hike (1.2.3) http_parser.rb (0.6.0) i18n (0.6.9) inherited_resources (1.5.0) has_scope (~> 0.6.0.rc) responders (~> 1.0) - jbuilder (2.0.7) + jbuilder (2.0.8) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) jquery-rails (3.1.0) @@ -152,10 +168,10 @@ GEM jquery-ui-rails (4.2.1) railties (>= 3.2.16) json (1.8.1) - kaminari (0.15.1) + kaminari (0.16.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) - listen (2.7.6) + listen (2.7.7) celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) @@ -210,13 +226,18 @@ GEM i18n polyamorous (~> 1.0.0) rb-fsevent (0.9.4) - rb-inotify (0.9.4) + rb-inotify (0.9.5) ffi (>= 0.5.0) rdoc (4.1.1) json (~> 1.4) redcarpet (3.1.2) responders (1.1.0) railties (>= 3.2, < 5) + ruby2ruby (2.0.8) + ruby_parser (~> 3.1) + sexp_processor (~> 4.0) + ruby_parser (3.5.0) + sexp_processor (~> 4.1) sass (3.2.19) sass-rails (4.0.3) railties (>= 4.0.0, < 5.0) @@ -226,6 +247,10 @@ GEM sdoc (0.4.0) json (~> 1.8) rdoc (~> 4.0, < 5.0) + sexp_processor (4.4.3) + slim (2.0.2) + temple (~> 0.6.6) + tilt (>= 1.3.3, < 2.1) slop (3.5.0) spring (1.1.3) sprockets (2.11.0) @@ -237,6 +262,8 @@ GEM actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) + temple (0.6.7) + terminal-table (1.4.5) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) @@ -260,6 +287,7 @@ PLATFORMS DEPENDENCIES activeadmin! + brakeman coffee-rails compass-rails devise @@ -268,6 +296,7 @@ DEPENDENCIES email_validator font-awesome-rails gritter + guard-brakeman guard-bundler guard-livereload guard-minitest diff --git a/Guardfile b/Guardfile index 77e13b7d..8f72f504 100644 --- a/Guardfile +++ b/Guardfile @@ -27,3 +27,10 @@ guard :minitest do end notification :notifysend + +guard 'brakeman', run_on_start: true, quiet: true, min_confidence: 10 do + watch(%r{^app/.+\.(erb|haml|rhtml|rb)$}) + watch(%r{^config/.+\.rb$}) + watch(%r{^lib/.+\.rb$}) + watch('Gemfile') +end 
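Review bot: `min_confidence: 10` on the new `guard 'brakeman'` line is outside Brakeman's three-level confidence scale (high/medium/weak), so it is not clear from the line whether this reports every warning or none of them; use a value in the documented range and say which level it is, e.g. `# report medium-confidence warnings and above` above the `guard` call. `quiet: true` presumably suppresses Brakeman's own progress output as well, so an empty or failed scan is easy to miss — if a silent run is intended, make sure the notification path is the one developers actually see. The `watch('Gemfile')` entry is useful, since Brakeman also flags vulnerable gem versions.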
diff --git a/app/assets/stylesheets/tags.css.sass b/app/assets/stylesheets/tags.css.sass
index f19cf8cc..7bbc761b 100644
--- a/app/assets/stylesheets/tags.css.sass
+++ b/app/assets/stylesheets/tags.css.sass
@@ -1,3 +1,10 @@
+// Tag list in event display
+p.tags a:after
+ color: black
+ content: ','
+p.tags a:last-child:after
+ content: ''
+
 .tag
 vertical-align: middle
 sub
diff --git a/app/models/event.rb b/app/models/event.rb
index fe1552ee..3cffa5f6 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -4,7 +4,7 @@ class Event < ActiveRecord::Base
 has_one :related_city, foreign_key: :name, primary_key: :city, class_name: City
 validates_presence_of :title, :description, :city, :region, :url, :contact
- validates_format_of :url, with: /https?:\/\//
+ validates_format_of :url, with: /\Ahttps?:\/\/.*\z/
 validates :contact, email: true
 validates :submitter, email: true
diff --git a/app/views/application/contact.haml b/app/views/application/contact.haml
index 845f4076..5efedd3b 100644
--- a/app/views/application/contact.haml
+++ b/app/views/application/contact.haml
@@ -1,2 +1,2 @@
-- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
-= raw markdown.render t '.content'
+:markdown
+ #{t '.content'}
diff --git a/app/views/application/infos.haml b/app/views/application/infos.haml
index 845f4076..5efedd3b 100644
--- a/app/views/application/infos.haml
+++ b/app/views/application/infos.haml
@@ -1,2 +1,2 @@
-- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
-= raw markdown.render t '.content'
+:markdown
+ #{t '.content'}
diff --git a/app/views/events/_form.html.haml b/app/views/events/_form.html.haml
index eeb90ceb..fbdecf93 100644
--- a/app/views/events/_form.html.haml
+++ b/app/views/events/_form.html.haml
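Review bot: The anchored pattern on the new `validates_format_of :url` line is the right fix: the old unanchored `/https?:\/\//` accepted any value that merely contained `http://` somewhere, and the value is rendered as a link target by `link_to @event.url, @event.url` in events/show, so the scheme has to be pinned at the start. A short comment keeps the anchors from being "simplified" away later: `# \A..\z: scheme must be http(s) at the very start — the value becomes an href`. Note that `.` does not match a newline in Ruby, so a value with an embedded line break is rejected as well, which is fine here; if stricter checking is wanted, a custom validator using `URI.parse` plus a scheme check would also catch malformed hosts.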
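Review bot: The `:markdown` filter drops the `autolink: true, tables: true` options that the removed Redcarpet call passed, so a table or bare URL in the `.content` translation will now render as plain text unless the filter's engine is configured elsewhere — worth checking the rendered pages. Whether `#{t '.content'}` inside a filter is HTML-escaped before markdown processing depends on the Haml version's escape_html handling, so markup inside the locale strings may come out differently than before; confirm against the Haml version in Gemfile.lock. The same substitution is made in infos.haml, in the eight helper/advises spots of events/_form.html.haml, and in regions/stats.html.haml.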
@@ -1,5 +1,3 @@
-- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
-
 = form_for @event do |f|
 - if @event.errors.any?
 #error_explanation.error.flash
@@ -8,15 +6,20 @@
 %p= msg
 - unless @event.id
- = raw markdown.render t '.subtitle'
+ :markdown
+ #{t '.subtitle'}
- #advises= raw markdown.render t '.advises'
+ #advises
+ :markdown
+ #{t '.advises'}
 - else
 = hidden_field_tag :secret, params[:secret]
 .field
- .helper= raw markdown.render t '.title_helper'
+ .helper
+ :markdown
+ #{t '.title_helper'}
 = f.label :title
 = f.text_field :title, required: true, size: 70
 .field
@@ -26,7 +29,9 @@
 = f.label Event.human_attribute_name :end_time
 = f.datetime_select :end_time, required: true
 .field
- .helper= raw markdown.render t '.description_helper'
+ .helper
+ :markdown
+ #{t '.description_helper'}
 = f.label Event.human_attribute_name :description
 = f.text_area :description, required: true, rows: 29, cols: 80
@@ -42,19 +47,27 @@
 = f.select :locality, options_for_select([[t('attributes.locality_0'), 0], [t('attributes.locality_1'), 1]], @event.locality)
 .field
- .helper= raw markdown.render t '.url_helper'
+ .helper
+ :markdown
+ #{t '.url_helper'}
 = f.label Event.human_attribute_name :url
 = f.text_field :url, required: true, size: 70
 .field
- .helper= raw markdown.render t '.contact_helper'
+ .helper
+ :markdown
+ #{t '.contact_helper'}
 = f.label Event.human_attribute_name :contact
 = f.text_field :contact, required: true, size: 70
 .field
- .helper= raw markdown.render t '.submitter_helper'
+ .helper
+ :markdown
+ #{t '.submitter_helper'}
 = f.label :submitter
 = f.text_field :submitter, required: true, size: 70
 .field
- .helper= raw markdown.render t '.tags_helper'
+ .helper
+ :markdown
+ #{t '.tags_helper'}
 = f.label :tags
 = f.text_field :tags, size: 70
diff --git a/app/views/events/show.html.haml b/app/views/events/show.html.haml
index 09a43ae4..18d81c91 100644
--- a/app/views/events/show.html.haml
+++ b/app/views/events/show.html.haml
@@ -33,7 +33,9 @@
 = link_to @event.region.name, "http://fr.wikipedia.org/wiki/#{@event.region.name}" rescue nil
 %h3 Description
-=raw @event.description
+= sanitize @event.description,
+ tags: %w(p br table tr td ul ol li a strong b em i img),
+ attributes: %w(href src width height)
 %h3 Informations
 %p
@@ -41,9 +43,11 @@
 = link_to @event.url, @event.url
 %p
 Contact:
- = mail_to @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT '), @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT ')
+ = mail_to @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT '),
+ @event.contact.gsub('@', ' CHEZ ').gsub('.', ' POINT ')
 - if (@event.tags && @event.tags.present?)
- %p
+ %p.tags
 Tags:
- =raw @event.tags.split.collect { |tag| link_to tag, events_url(tag: tag) }.join(', ')
+ - @event.tags.split.each do |tag|
+ = link_to tag, events_url(tag: tag)
diff --git a/app/views/regions/stats.html.haml b/app/views/regions/stats.html.haml
index 166c9db8..9f3a118d 100644
--- a/app/views/regions/stats.html.haml
+++ b/app/views/regions/stats.html.haml
@@ -38,5 +38,5 @@
 %h3=t '.web'
-- markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
-= raw markdown.render t '.webalizer'
+:markdown
+ #{t '.webalizer'}
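Review bot: The allow-list on the new `= sanitize @event.description` lines admits `a`/`href` and `img`/`src` on a description that comes from the public submission form (`f.text_area :description` in events/_form). Rails' sanitizer strips unsafe URL schemes from those attributes by default, which should be verified for the Rails version in Gemfile.lock, but `img src` still lets a submitter embed arbitrary remote images — a tracking and mixed-content vector — so drop `img` unless event descriptions really need pictures. The two `%w(...)` lists are policy, not presentation: move them to constants (for example on `Event`, `ALLOWED_TAGS` / `ALLOWED_ATTRIBUTES`) with a comment explaining why each group is permitted, so the same list is reused wherever the description is rendered. The `%p.tags` loop below is fine, since `link_to` now escapes each tag instead of the old `raw ... join`.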