diff --git a/server/controllers/system/add-department.php b/server/controllers/system/add-department.php
index 2307b2fc..7ea0ee14 100755
--- a/server/controllers/system/add-department.php
+++ b/server/controllers/system/add-department.php
@@ -16,7 +16,6 @@ use Respect\Validation\Validator as DataValidator;
  * @apiParam {String} name Name of the new department.
  *
  * @apiUse NO_PERMISSION
- * @apiUse INVALID_NAME
  *
  * @apiSuccess {Object} data Empty object
  *
@@ -29,20 +28,15 @@ class AddDepartmentController extends Controller {
     public function validations() {
         return [
             'permission' => 'staff_3',
-            'requestData' => [
-                'name' => [
-                    'validation' => DataValidator::alnum(),
-                    'error' => ERRORS::INVALID_NAME
-                ]
-            ]
+            'requestData' => []
         ];
     }
 
     public function handler() {
-        $name = Controller::request('name');
-
+        $name = htmlentities(Controller::request('name'));
+
         $departmentInstance = new Department();
-
+
         $departmentInstance->setProperties([
             'name' => $name,
         ]);
@@ -53,4 +47,4 @@ class AddDepartmentController extends Controller {
 
         Response::respondSuccess();
     }
-}
\ No newline at end of file
+}
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index 891116a0..67dbc123 100755
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -68,7 +68,7 @@ class CreateController extends Controller {
                 ]
             ]
         ];
-
+
         if(!Controller::isUserSystemEnabled()) {
             $validations['permission'] = 'any';
             $validations['requestData']['captcha'] = [
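Review bot: Replacing the `name` rule with `'requestData' => []` removes every server-side check on the department name, so an absent or empty `name` is now accepted, and `htmlentities()` called with default flags returns an empty string for input that is not valid UTF-8, so such a request silently stores a department named `''`. Keep a presence/length rule in `validations()`, e.g. `'name' => ['validation' => DataValidator::notEmpty()->length(1, 100), 'error' => ERRORS::INVALID_NAME]` (bounds to be confirmed against the schema), and in `handler()` pass explicit flags, `$name = htmlentities(Controller::request('name'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, since on PHP before 8.1 the default leaves `'` unencoded and drops the value instead of substituting bad bytes. Note also that encoding at input time changes the storage contract: every view and mail template that renders `name` must now emit it without escaping, or users will see the entity text literally; escaping at output and storing the raw value is the more conventional fix and avoids that coupling.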
@@ -80,13 +80,13 @@ class CreateController extends Controller { 'error' => ERRORS::INVALID_EMAIL ]; } - + return $validations; } public function handler() { - $this->title = Controller::request('title'); - $this->content = Controller::request('content', true); + $this->title = htmlentities(Controller::request('title')); + $this->content = htmlentities(Controller::request('content', true)); $this->departmentId = Controller::request('departmentId'); $this->language = Controller::request('language'); $this->email = Controller::request('email'); @@ -97,7 +97,7 @@ class CreateController extends Controller { if(!Controller::isUserSystemEnabled()) { $this->sendMail(); } - + $staffs = Staff::find('send_email_on_new_ticket = 1'); foreach ($staffs as $staff) { if($staff->sharedDepartmentList->includesId(Controller::request('departmentId'))) { @@ -132,19 +132,19 @@ class CreateController extends Controller { 'authorName' => $this->name, 'authorEmail' => $this->email )); - + if(Controller::isUserSystemEnabled()) { $author->sharedTicketList->add($ticket); $author->tickets++; - + $this->email = $author->email; $this->name = $author->name; - $author->store(); + $author->store(); } - + $ticket->store(); - + $this->ticketNumber = $ticket->ticketNumber; } diff --git a/server/libs/MailSender.php b/server/libs/MailSender.php index 62bbaed3..1d6b2172 100755 --- a/server/libs/MailSender.php +++ b/server/libs/MailSender.php @@ -70,6 +70,7 @@ class MailSender { $this->mailerInstance->From = $this->mailOptions['from']; $this->mailerInstance->FromName = $this->mailOptions['fromName']; + $this->mailerInstance->CharSet = 'UTF-8'; $this->mailerInstance->isSMTP(); $this->mailerInstance->SMTPAuth = true; diff --git a/tests/system/add-department.rb b/tests/system/add-department.rb index af45e221..4da2044b 100644 --- a/tests/system/add-department.rb +++ b/tests/system/add-department.rb 
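Review bot: `htmlentities()` is applied to `content` even though it is read with `Controller::request('content', true)`, whose second argument is not visible in this hunk; if that flag returns already-sanitised rich-text HTML from the ticket editor, encoding it again turns the markup into literal `&lt;p&gt;` text and double-encodes any entity it already contains, so this needs confirming before merge. For `title`, which is plain text, pass explicit flags, `$this->title = htmlentities(Controller::request('title'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, because the pre-8.1 default set leaves `'` unencoded and returns `''` for invalid UTF-8, silently blanking the title. Storing the escaped form also means every reader of `title`/`content`, including the templates behind `sendMail()` in the following hunk, must output them unescaped from now on. `handler()` continues past the end of this hunk.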
@@ -2,7 +2,7 @@ describe'system/add-department' do
   request('/user/logout')
   Scripts.login($staff[:email], $staff[:password], true)
 
-  it 'should add department' do
+  it 'should add department with alphanumeric characters' do
     result = request('/system/add-department', {
       csrf_userid: $csrf_userid,
       csrf_token: $csrf_token,
@@ -18,4 +18,21 @@ describe'system/add-department' do
     lastLog = $database.getLastRow('log')
     (lastLog['type']).should.equal('ADD_DEPARTMENT')
   end
+
+  it 'should add department with html tag' do
+    result = request('/system/add-department', {
+      csrf_userid: $csrf_userid,
+      csrf_token: $csrf_token,
+      name: 'new department'
+    })
+
+    (result['status']).should.equal('success')
+
+    row = $database.getRow('department', 5, 'id')
+
+    (row['name']).should.equal('<b>new department</b>')
+
+    lastLog = $database.getLastRow('log')
+    (lastLog['type']).should.equal('ADD_DEPARTMENT')
+  end
 end
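Review bot: The new test's input is shown as `name: 'new department'` with no markup, while the `row['name']` assertion expects `<b>new department</b>`, which is not what the controller stores once `htmlentities()` runs on the name (`&lt;b&gt;new department&lt;/b&gt;`); both lines may be rendering artefacts of a literal `<b>` in the input and an `&lt;b&gt;` in the expectation, so please confirm the file sends `name: '<b>new department</b>'` and asserts the encoded form, otherwise the test either never exercises a tag or cannot pass. The lookup `$database.getRow('department', 5, 'id')` ties the test to fixture ordering; fetching the row the test just created, e.g. `row = $database.getLastRow('department')` as is already done for `log`, keeps it independent of how many departments earlier specs inserted. It would also be worth a second case asserting that a single quote and an `&` are encoded, since those are the characters the default `htmlentities()` flags handle differently across PHP versions.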