diff --git a/cake/libs/sanitize.php b/cake/libs/sanitize.php
index 8edb7b8d4..533f52556 100644
--- a/cake/libs/sanitize.php
+++ b/cake/libs/sanitize.php
@@ -79,22 +79,40 @@ class Sanitize {
 /**
 * Returns given string safe for display as HTML. Renders entities.
+ *
+ * strip_tags() is not validating HTML, so it might strip whole passages
+ * with broken HTML.
 *
 * @param string $string String from where to strip tags
- * @param boolean $remove If true, the string is stripped of all HTML tags
+ * @param array $options
+ *
+ * possible options:
+ *
+ * - remove (boolean) if true strips all HTML tags before encoding
+ * - charset (string) the charset used to encode the string
+ * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ *
 * @return string Sanitized string
 * @access public
 * @static
 */
- function html($string, $remove = false) {
- if ($remove) {
+ function html($string, $options = array()) {
+ $default = array(
+ 'remove' => false,
+ 'charset' => 'UTF-8',
+ 'quotes' => ENT_QUOTES
+ );
+
+ $options = array_merge($default, $options);
+
+ if ($options['remove']) {
 $string = strip_tags($string);
- } else {
- $patterns = array('&', '%', '<', '>', '"', "'", '(', ')', '+', '-');
- $replacements = array("&", "%", "<", ">", """, "'", "(", ")", "+", "-");
- $string = str_replace($patterns, $replacements, $string);
 }
- return $string;
+ $encoding = Configure::read('App.encoding');
+ if (empty($encoding)) {
+ $encoding = $options['charset'];
+ }
+ return htmlentities($string, $options['quotes'], $encoding);
 }
 
 /**
@@ -198,6 +216,7 @@ class Sanitize {
 $options = array_merge(array(
 'connection' => 'default',
 'odd_spaces' => true,
+ 'remove_html' => false,
 'encode' => true,
 'dollar' => true,
 'carriage' => true,
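Review bot: The `charset` option is dead whenever `App.encoding` is configured, because `$encoding = Configure::read('App.encoding')` is consulted first and `$options['charset']` is only the fallback for an empty value, which contradicts the new docblock line `charset (string) the charset used to encode the string`. Since the default is already `'UTF-8'`, html() cannot distinguish an explicit caller choice from the default; let the config supply the default and let an explicit option win: `'charset' => Configure::read('App.encoding'),` in `$default`, then `$encoding = empty($options['charset']) ? 'UTF-8' : $options['charset'];` in place of the three-line lookup. The docblock should also say what `quotes` changes for a consumer: with `ENT_NOQUOTES` (or `ENT_COMPAT` for single quotes) quote characters pass through unencoded, so the result is only safe inside element text, never inside an attribute value; suggested wording ` * - quotes (int) ENT_QUOTES (default) is required if the result is placed in an attribute value`. Worth a sentence too that htmlentities() rejects input that is not valid in the chosen charset (older PHP versions return an empty string for an invalid byte sequence), so a stray non-UTF-8 byte no longer passes through as the old str_replace path let it.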
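Review bot: `remove_html` is added to clean()'s defaults without any documentation in this hunk, and clean() together with its docblock starts before the hunk, so if that docblock carries an option list it should gain ` * - remove_html (boolean) if true, strips HTML tags before entity encoding (only has effect when encode is true)`. The dependency on `encode` is visible in the later hunk, where the value is forwarded as `remove` to Sanitize::html() only inside the `if ($options['encode'])` branch.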
@@ -216,7 +235,7 @@ class Sanitize {
 $data = str_replace(chr(0xCA), '', str_replace(' ', ' ', $data));
 }
 if ($options['encode']) {
- $data = Sanitize::html($data);
+ $data = Sanitize::html($data, array('remove' => $options['remove_html']));
 }
 if ($options['dollar']) {
 $data = str_replace("\\\$", "$", $data);
diff --git a/cake/tests/cases/libs/sanitize.test.php b/cake/tests/cases/libs/sanitize.test.php
index 49b023b77..8a6f7c325 100644
--- a/cake/tests/cases/libs/sanitize.test.php
+++ b/cake/tests/cases/libs/sanitize.test.php
@@ -145,7 +145,7 @@ class SanitizeTest extends CakeTestCase {
 */
 function testClean() {
 $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
- $expected = 'test & "quote" 'other' ;.$ symbol.another line';
+ $expected = 'test & "quote" 'other' ;.$ symbol.another line';
 $result = Sanitize::clean($string, array('connection' => 'test_suite'));
 $this->assertEqual($result, $expected);
 
@@ -170,7 +170,7 @@ class SanitizeTest extends CakeTestCase {
 $this->assertEqual($result, $expected);
 
 $array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
- $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
+ $expected = array(array('test & "quote" 'other' ;.$ symbol.another line'));
 $result = Sanitize::clean($array, array('connection' => 'test_suite'));
 $this->assertEqual($result, $expected);
 
@@ -179,8 +179,8 @@ class SanitizeTest extends CakeTestCase {
 $result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test_suite'));
 $this->assertEqual($result, $expected);
 
- $array = array(array('test odd '.chr(0xCA).' spaces'.chr(0xCA)));
- $expected = array(array('test odd '.chr(0xCA).' spaces'.chr(0xCA)));
+ $array = array(array('test odd Ä spacesé'));
+ $expected = array(array('test odd Ä spacesé'));
 $result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test_suite'));
 $this->assertEqual($result, $expected);
 
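Review bot: The `encode` branch forwards only `remove`, so a caller of clean() has no way to choose `quotes` or `charset` even though html() now accepts both; either forward them (`array('remove' => $options['remove_html'], 'quotes' => ENT_QUOTES)` is the contract the current call implies) or state in clean()'s docblock that encoding always uses ENT_QUOTES and the configured App.encoding. Separately, htmlentities() encodes an existing `&amp;` again by default, so cleaning already-encoded data (or cleaning twice) yields `&amp;amp;`; the old str_replace path presumably behaved the same, but a one-line comment such as `// entities already present are encoded again; clean() is not idempotent` would save the next reader a test run. clean()'s body starts and ends outside this hunk.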
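Review bot: Dropping the chr(0xCA) input from this case in sanitize.test.php leaves no test for what now happens to a byte that is not valid UTF-8; the replacement with the UTF-8 letters 'Ä' and 'é' was presumably needed because htmlentities() with a UTF-8 charset rejects the lone 0xCA byte (older PHP versions return an empty string for an invalid sequence), and that is a behaviour change of clean() in its own right. Keep one `chr(0xCA)` case that pins the intended result for non-UTF-8 input, and note in the html() docblock that input is expected to be valid in the configured charset. With `'odd_spaces' => false` this case also no longer touches the `str_replace(chr(0xCA), '', ...)` branch seen in the sanitize.php hunk, so an `'odd_spaces' => true` variant would be the one that actually covers it.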
@@ -203,12 +203,26 @@ class SanitizeTest extends CakeTestCase { */ function testHtml() { $string = '

This is a test string & so is this

'; - $expected = 'This is a test string & so is this'; - $result = Sanitize::html($string, true); + $expected = 'This is a test string & so is this'; + $result = Sanitize::html($string, array('remove' => true)); $this->assertEqual($result, $expected); $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true'; - $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true'; + $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true'; + $result = Sanitize::html($string); + $this->assertEqual($result, $expected); + + $string = 'The "lazy" dog \'jumped\''; + $expected = 'The "lazy" dog \'jumped\''; + $result = Sanitize::html($string, array('quotes' => ENT_COMPAT)); + $this->assertEqual($result, $expected); + + $string = 'The "lazy" dog \'jumped\''; + $result = Sanitize::html($string, array('quotes' => ENT_NOQUOTES)); + $this->assertEqual($result, $string); + + $string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 is true, (2-1) = 1 is also true'; + $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true'; $result = Sanitize::html($string); $this->assertEqual($result, $expected); }
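Review bot: No case in testHtml() passes the `charset` option, and given the lookup order in html() (`App.encoding` read first, `charset` used only when that is empty) the option is both untested and unreachable under a configured App.encoding; add a case that sets `'charset'` with App.encoding cleared through Configure, asserting the encoded output, so a later change to the precedence is caught. The new `ENT_NOQUOTES` case (`$this->assertEqual($result, $string)`) is the only place that records that quote characters pass through unencoded, which is exactly the property an attribute-context consumer must not rely on, so a short comment above it, `// ENT_NOQUOTES leaves quotes intact: output is safe in element text only`, would make the intent explicit. The `$string` literal at the top of this hunk spans several rendered lines here, so its exact markup cannot be verified from this page.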