diff --git a/lib/Newsletter/Renderer/EscapeHelper.php b/lib/Newsletter/Renderer/EscapeHelper.php
new file mode 100644
index 0000000000..c107c8c968
--- /dev/null
+++ b/lib/Newsletter/Renderer/EscapeHelper.php
@@ -0,0 +1,28 @@
+<?php
+namespace MailPoet\Newsletter\Renderer;
+
+class EscapeHelper {
+  static function escapeHtmlText($string) {
+    return htmlspecialchars((string)$string, ENT_NOQUOTES, 'UTF-8');
+  }
+
+  static function escapeHtmlAttr($string) {
+    return htmlspecialchars((string)$string, ENT_QUOTES, 'UTF-8', true);
+  }
+
+  static function escapeHtmlStyleAttr($string) {
+    return htmlspecialchars((string)$string, ENT_COMPAT, 'UTF-8', true);
+  }
+
+  static function unescapeHtmlStyleAttr($string) {
+    return htmlspecialchars_decode((string)$string, ENT_COMPAT);
+  }
+
+  static function escapeHtmlLinkAttr($string) {
+    $string = self::escapeHtmlAttr($string);
+    if (preg_match('~^javascript:|^data:text|^data:application~i', $string) === 1) {
+      return '';
+    }
+    return $string;
+  }
+}
diff --git a/tests/unit/Newsletter/Renderer/EscapeHelperTest.php b/tests/unit/Newsletter/Renderer/EscapeHelperTest.php
new file mode 100644
index 0000000000..7590a7b4a6
--- /dev/null
+++ b/tests/unit/Newsletter/Renderer/EscapeHelperTest.php
@@ -0,0 +1,26 @@
+<?php
+namespace MailPoet\Test\Newsletter;
+
+use MailPoet\Newsletter\Renderer\EscapeHelper as EHelper;
+
+class EscapeHelperTest extends \MailPoetUnitTest {
+
+  function testItEscapesHtmlText() {
+    expect(EHelper::escapeHtmlText('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;'\"Hello&lt;/tag&gt;");
+  }
+
+  function testItEscapesHtmlAttr() {
+    expect(EHelper::escapeHtmlAttr('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;&#039;&quot;Hello&lt;/tag&gt;");
+  }
+
+  function testItEscapesLinkAttr() {
+    expect(EHelper::escapeHtmlLinkAttr('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;&#039;&quot;Hello&lt;/tag&gt;");
+    expect(EHelper::escapeHtmlLinkAttr('javaScRipt:Text<tag>\'"Hello</tag>'))
+      ->equals("");
+    expect(EHelper::escapeHtmlLinkAttr('DAta:Text<tag>\'"Hello</tag>'))
+      ->equals("");
+  }
+}
