diff --git a/app/lib/core_extensions/string/strip_tags.rb b/app/lib/core_extensions/string/strip_tags.rb
new file mode 100644
index 00000000..76e35f8b
--- /dev/null
+++ b/app/lib/core_extensions/string/strip_tags.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module CoreExtensions
+ module String
+ # Elimina el HTML
+ module StripTags
+ def strip_tags
+ ActionController::Base.helpers.strip_tags(self)
+ end
+ end
+ end
+end
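Review bot: The comment "Elimina el HTML" understates what line 14 returns: with rails-html-sanitizer the full sanitizer also entity-encodes `<`, `>` and `&` after removing tags (the Rails docs show `strip_tags("> A quote")` giving `"&gt; A quote"`), so the result is HTML-escaped text rather than plain text, and a caller that persists it stores entities that ERB will escape a second time on output. The comment should say so, e.g. `# Strips HTML tags; the sanitizer also entity-encodes <, > and &, so the result is HTML-escaped text, not raw plain text`. Reaching for `ActionController::Base.helpers` also pulls the controller stack into a String extension used from models; `ActionView::Base.full_sanitizer.sanitize(self)` is the same sanitizer without that coupling. Since the module is mixed into every `String` process-wide, a refinement or a plain helper would keep the blast radius of the monkey-patch smaller.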
diff --git a/app/models/site.rb b/app/models/site.rb
index 6c537e0b..354e376a 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -41,6 +41,15 @@ class Site < ApplicationRecord
accepts_nested_attributes_for :deploys, allow_destroy: true
+ # No permitir HTML en estos atributos
+ def title=(title)
+ super(title.strip_tags)
+ end
+
+ def description=(description)
+ super(description.strip_tags)
+ end
+
# El repositorio git para este sitio
def repository
@repository ||= Site::Repository.new path
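Review bot: `title.strip_tags` and `description.strip_tags` raise `NoMethodError` when the argument is `nil`, and a Rails attribute setter is routinely called with `nil` (`update(title: nil)`, a blank nested-form value, `assign_attributes` from params), so these overrides turn a previously valid assignment into an exception; `super(title&.strip_tags)` and `super(description&.strip_tags)` keep the nil semantics. Sanitizing on write is also lossy and context-bound: what gets stored is the sanitizer's HTML-escaped output, which is only right when the value is rendered into HTML with no further escaping, whereas ERB's default escaping would double-encode it and any non-HTML sink (a generated config file, a path component) would show the entities literally — escaping at each output context remains the primary defence, with this stripping as a belt-and-braces measure, and the comment should say which of the two it is. The `Site` class begins and ends outside this hunk.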
diff --git a/config/initializers/core_extensions.rb b/config/initializers/core_extensions.rb
new file mode 100644
index 00000000..2207fe85
--- /dev/null
+++ b/config/initializers/core_extensions.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+String.include CoreExtensions::String::StripTags
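Review bot: `String.include CoreExtensions::String::StripTags` references a constant that lives under `app/lib` from an initializer; if that directory is a reloadable autoload path, Zeitwerk deprecates autoloading during initialization in Rails 6 and makes it an error in Rails 7 (the app's Rails version is not visible in this diff), and on reload the module would be a new object while `String` still carries the old one. Deferring the include, e.g. `Rails.application.config.to_prepare { String.include CoreExtensions::String::StripTags }`, or placing the file on `autoload_once_paths`, avoids both. A one-line comment should state that this patches every `String` in the process, since nothing at the call sites (`title.strip_tags`) reveals where the method comes from.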
diff --git a/doc/crear_sitios.md b/doc/crear_sitios.md
index a70173c4..7f6bd8af 100644
--- a/doc/crear_sitios.md
+++ b/doc/crear_sitios.md
@@ -218,7 +218,7 @@ tengamos tiempo de hacerlo realmente.
* ver las estadisticas de compilaciĆ³n en lugar del log (el log tambiĆ©n)
* comitear en git los articulos (igual no es de esta rama...)
-* sanitizar titulo y descripcion, tambien escapar
-* al crear el sitio incorporar politica de privacidad y codigo de
- convivencia
* link a visitar sitio
+* editor de opciones
+* forkear gemas
+* que les usuaries elijan su propio idioma
diff --git a/test/models/site_test.rb b/test/models/site_test.rb
index b74daaf2..438ef820 100644
--- a/test/models/site_test.rb
+++ b/test/models/site_test.rb
@@ -76,4 +76,13 @@ class SiteTest < ActiveSupport::TestCase
assert File.directory?(@site.path)
assert_not File.directory?(path)
end
+
+ test 'no se puede guardar html en title y description' do
+ site = build :site
+ site.description = "hola"
+ site.title = "hola"
+
+ assert_equal 'hola', site.description
+ assert_equal 'hola', site.title
+ end
end
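Review bot: The test titled "no se puede guardar html en title y description" never assigns any HTML, so it passes whether or not the setters strip anything — it would pass against the code before this commit. It should exercise an input that actually contains markup, e.g. `site.title = '<b>hola</b>'` followed by `assert_equal 'hola', site.title`, and a `nil` assignment (`site.title = nil`) since that is where a setter calling `.strip_tags` on its argument would fail. A short comment stating the property under test helps the next reader: `# markup in the assigned value must not survive assignment`.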