diff --git a/lib/models/subscriptions.js b/lib/models/subscriptions.js
index d9867c90..5b2ab460 100644
--- a/lib/models/subscriptions.js
+++ b/lib/models/subscriptions.js
@@ -2,6 +2,7 @@ let db = require('../db');
 let shortid = require('shortid');
+let striptags = require('striptags');
 let tools = require('../tools');
 let helpers = require('../helpers');
 let fields = require('./fields');
@@ -136,6 +137,8 @@ module.exports.insert = (listId, meta, subscriptionData, callback) => {
 values.push(field.value);
 });
+ values = values.map(v => typeof v === 'string' ? striptags(v) : v);
+
 db.getConnection((err, connection) => {
 if (err) {
 return callback(err);
@@ -420,6 +423,8 @@ module.exports.update = (listId, cid, updates, allowEmail, callback) => {
 return callback(null, false);
 }
+ values = values.map(v => typeof v === 'string' ? striptags(v) : v);
+
 db.getConnection((err, connection) => {
 if (err) {
 return callback(err);
diff --git a/lib/tools.js b/lib/tools.js
index f2d1bc32..18787fc5 100644
--- a/lib/tools.js
+++ b/lib/tools.js
@@ -13,6 +13,7 @@ let he = require('he');
 let _ = require('./translate')._;
 let util = require('util');
 let createDOMPurify = require('dompurify');
+let htmlToText = require('html-to-text');
 let blockedUsers = ['abuse', 'admin', 'billing', 'compliance', 'devnull', 'dns', 'ftp', 'hostmaster', 'inoc', 'ispfeedback', 'ispsupport', 'listrequest', 'list', 'maildaemon', 'noc', 'noreply', 'noreply', 'null', 'phish', 'phishing', 'postmaster', 'privacy', 'registrar', 'root', 'security', 'spam', 'support', 'sysadmin', 'tech', 'undisclosedrecipients', 'unsubscribe', 'usenet', 'uucp', 'webmaster', 'www'];
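Review bot: The added `values = values.map(v => typeof v === 'string' ? striptags(v) : v);` in `insert` rewrites every string column, not only the free-text fields that end up in messages, so it is a lossy storage-time filter: a legitimate value containing `<` followed by a tag-like run is silently truncated, and tag stripping is not HTML sanitization (entities and already-encoded content are left as they are, and output still has to be encoded). It also only covers rows that pass through this function; subscribers already in the table or written by any other path keep their original content, so the output encoding in lib/tools.js has to remain the primary control rather than this line. Consider limiting the map to the field types that are rendered into messages and stating the intent in a comment, e.g. `// Defence in depth: strip markup at rest. formatMessage() in lib/tools.js still encodes on output; rows stored before this change are not covered.` `insert`'s body starts and ends outside the hunk.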
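Review bot: The new `values = values.map(v => typeof v === 'string' ? striptags(v) : v);` in `update` is a byte-for-byte copy of the line added to `insert` in the hunk above, so any later change to what is stripped (restricting it to certain field types, swapping the sanitizer) has to be made in two places and the two write paths can drift apart. A small module-level helper, e.g. `const stripMarkup = values => values.map(v => typeof v === 'string' ? striptags(v) : v);`, called from both functions keeps them consistent. The mapping is placed after the early `return callback(null, false)`, so a no-op update is unaffected. `update`'s body starts and ends outside the hunk.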
@@ -201,10 +202,11 @@ function formatMessage(serviceUrl, campaign, list, subscription, message, filter
 }
 if (subscription.mergeTags.hasOwnProperty(key)) {
 let value = (subscription.mergeTags[key] || '').toString();
- // FIXME https://github.com/Mailtrain-org/mailtrain/issues/192
- return isHTML ? he.encode(value, {
- useNamedReferences: true
- }) : value;
+ let containsHTML = /<[a-z][\s\S]*>/.test(value);
+ return isHTML ? he.encode((containsHTML ? value : value.replace(/(?:\r\n|\r|\n)/g, '
')), {
+ useNamedReferences: true,
+ allowUnsafeSymbols: true
+ }) : (containsHTML ? htmlToText.fromString(value) : value);
 }
 return false;
 };
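Review bot: `allowUnsafeSymbols: true` on the `he.encode` call switches off encoding of `<`, `>`, `&`, `"` and `'` for the plain-text branch as well, so any merge-tag value the `containsHTML` test does not match — the regex is case-sensitive and needs a lowercase letter directly after `<`, so `<IMG …>`, `</x>` or `<!-- …>` all fall through — is written into the HTML message verbatim, and the only remaining barrier is the tag stripping done at storage time in lib/models/subscriptions.js, which does not cover rows that existed before this change or arrived through other write paths. The option appears to exist only so that the inserted line-break markup survives (the replacement string is missing from the rendered diff here, presumably `<br/>`); encode first and add the markup afterwards instead, `he.encode(value, { useNamedReferences: true }).replace(/(?:\r\n|\r|\n)/g, '<br/>')`, and drop `allowUnsafeSymbols` — he leaves line breaks untouched, so the replacement still applies. The HTML branch still returns the value unencoded by design; since this module already requires `dompurify`, running that branch through it (setup permitting) would make the output safe regardless of what is stored, and at minimum a comment should record that this branch relies on `striptags` having run in the model. `formatMessage`'s body starts before the hunk.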