diff --git a/app/views/wiki/authors.rhtml b/app/views/wiki/authors.rhtml
index 57f529ee..1b6a105c 100644
--- a/app/views/wiki/authors.rhtml
+++ b/app/views/wiki/authors.rhtml
@@ -3,7 +3,7 @@
 <ul id="authorList">
   <% for author in @authors %>
     <li>
-      <%= link_to_page author %>
+      <%= link_to_page author.delete("\x01-\x08\x0B\x0C\x0E-\x1F") %>
       co- or authored:
       <%= @page_names_by_author[author].collect { |page_name| link_to_page(page_name) }.sort.join ', ' %>
     </li>
diff --git a/app/views/wiki/edit.rhtml b/app/views/wiki/edit.rhtml
index 6206c62c..02ba2bef 100644
--- a/app/views/wiki/edit.rhtml
+++ b/app/views/wiki/edit.rhtml
@@ -16,7 +16,7 @@
 		<textarea name="content" id="content" rows="24" cols="60"><%= h(@flash[:content] || @page.content.delete("\x01-\x08\x0B\x0C\x0E-\x1F")) %></textarea>
 		<div id="editFormButtons">
 			<input type="submit" value="Submit" accesskey="s"/> as 
-			<%= text_field_tag :author, @author, 
+			<%= text_field_tag :author, h(@author.delete("\x01-\x08\x0B\x0C\x0E-\x1F")), 
 			        :onfocus => "this.value == 'AnonymousCoward' ? this.value = '' : true;",
 			        :onblur  => "this.value == '' ? this.value = 'AnonymousCoward' : true" %>
 			| 
diff --git a/app/views/wiki/locked.rhtml b/app/views/wiki/locked.rhtml
index ee0cf814..1e1236cf 100644
--- a/app/views/wiki/locked.rhtml
+++ b/app/views/wiki/locked.rhtml
@@ -1,7 +1,7 @@
 <% @title = "#{@page.plain_name} is locked" %>
 
 <p>
-  <%= link_to_page(@page.locked_by) %>
+  <%= link_to_page(h(@page.locked_by.delete("\x01-\x08\x0B\x0C\x0E-\x1F"))) %>
   <% if @page.lock_duration(Time.now) == 0 %>
     just started editing this page.
   <% else %>
diff --git a/app/views/wiki/page.rhtml b/app/views/wiki/page.rhtml
index 83566a2a..60805768 100644
--- a/app/views/wiki/page.rhtml
+++ b/app/views/wiki/page.rhtml
@@ -18,7 +18,7 @@
 
 <div class="byline">
   <%= @page.revisions? ? "Revised" : "Created" %> on <%= format_date(@page.revised_at) %> 
-  by <%= author_link(@page) %>
+  by <%= author_link(@page).delete("\x01-\x08\x0B\x0C\x0E-\x1F") %>
   <%= "(#{@page.author.ip})" if @page.author.respond_to?(:ip) %>
   <% if @web.count_pages? %>
     <% total_chars = @page.content.length %>
diff --git a/app/views/wiki/revision.rhtml b/app/views/wiki/revision.rhtml
index 6cf9e177..0db3283c 100644
--- a/app/views/wiki/revision.rhtml
+++ b/app/views/wiki/revision.rhtml
@@ -17,7 +17,7 @@
 
 <div class="byline">
   <%= "Revision from #{format_date(@revision.revised_at)} by" %>
-  <%= link_to_page @revision.author %>
+  <%= link_to_page @revision.author.delete("\x01-\x08\x0B\x0C\x0E-\x1F") %>
 </div>
 
 <div class="navigation">
diff --git a/app/views/wiki/rollback.rhtml b/app/views/wiki/rollback.rhtml
index 6ec639a5..791af62b 100644
--- a/app/views/wiki/rollback.rhtml
+++ b/app/views/wiki/rollback.rhtml
@@ -18,7 +18,7 @@
         <textarea name="content" id="content" rows="24" cols="60"><%= h(@revision.content.delete("\x01-\x08\x0B\x0C\x0E-\x1F")) %></textarea>
 		<div id="editFormButtons">
 	        <input type="submit" value="Update" accesskey="u" /> as 
-		    <input type="text" name="author" id="authorName" value="<%= @author %>" 
+		    <input type="text" name="author" id="authorName" value="<%= h(@author.delete("\x01-\x08\x0B\x0C\x0E-\x1F")) %>" 
 		        onclick="this.value == 'AnonymousCoward' ? this.value = '' : true" />
 		    | 
 			<span>
diff --git a/app/views/wiki/web_list.rhtml b/app/views/wiki/web_list.rhtml
index 73b2eec4..c051462c 100644
--- a/app/views/wiki/web_list.rhtml
+++ b/app/views/wiki/web_list.rhtml
@@ -16,7 +16,7 @@
 		- Last Update: <%= web.last_page.nil? ? format_date(web.created_at) : format_date(web.last_page.revised_at) %><br/>
 		<% if ! web.last_page.nil? %> 
 			Last Document: <%= link_to_page(web.last_page.name,web) %> 
-			<%= web.last_page.revisions? ? "Revised" : "Created" %> by <%= author_link(web.last_page) %> (<%= web.last_page.current_revision.ip %>)
+			<%= web.last_page.revisions? ? "Revised" : "Created" %> by <%= author_link(web.last_page).delete("\x01-\x08\x0B\x0C\x0E-\x1F") %> (<%= web.last_page.current_revision.ip %>)
 		<% end %>
     </div>
   </div>