diff --git a/app/models/contact.rb b/app/models/contact.rb
index 20c11ae80..08bfe9446 100644
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@@ -30,6 +30,7 @@ class Contact < ActiveRecord::Base
 length: { maximum: 100, message: :too_long_contact_code }
 validate :ident_valid_format?
 validate :uniq_statuses?
+ validate :validate_html
 after_initialize do
 self.statuses = [] if statuses.nil?
@@ -221,6 +222,17 @@ class Contact < ActiveRecord::Base
 end
 end
+ def validate_html
+ self.class.columns.each do |column|
+ next unless column.type == :string
+ c_name = column.name
+ val = read_atribute(c_name)
+ errors.add(c_name, :invalid) if val.include?('<') || val.include?('>') || val.include?('%3C') || val.include?('%3E')
+ return
+ end
+ end
+
 def uniq_statuses?
 return true unless statuses.detect { |s| statuses.count(s) > 1 }
 errors.add(:statuses, :not_uniq)
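Review bot: `validate_html` never checks more than one column, because the bare `return` on the line after `errors.add` exits the method during the first iteration of `columns.each`; dropping that `return` (or replacing it with `next`) is needed for the loop to reach the remaining string columns. `read_atribute(c_name)` also looks like a typo for ActiveRecord's `read_attribute`, and `val.include?` will raise `NoMethodError` when a string column is nil, so I would write `val = read_attribute(c_name)` followed by `next unless val.is_a?(String)`. As a defence-in-depth check the blocklist of `<`, `>`, `%3C` and `%3E` is acceptable, but it is case-sensitive and does not replace output escaping in the views, which should remain the primary control against stored HTML injection; a one-line comment on the method stating that intent would help the next maintainer. The enclosing `Contact` class starts and ends outside the hunk, and `uniq_statuses?` continues past it.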