diff --git a/include/conversation.php b/include/conversation.php
index 7a0bf6c400..c10a7bec73 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -195,7 +195,7 @@ function localize_item(&$item)
 		$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
 
 		$obj = XML::parseString($xmlhead.$item['object']);
-		$links = XML::parseString($xmlhead."<links>".XML::unxmlify($obj->link)."</links>");
+		$links = XML::parseString($xmlhead."<links>".XML::unescape($obj->link)."</links>");
 
 		$Bname = $obj->title;
 		$Blink = "";
diff --git a/include/text.php b/include/text.php
index fadd375921..5da54b5fc9 100644
--- a/include/text.php
+++ b/include/text.php
@@ -974,9 +974,9 @@ function get_cats_and_terms($item)
 	if ($cnt) {
 		foreach ($matches as $mtch) {
 			$categories[] = [
-				'name' => XML::xmlify(FileTag::decode($mtch[1])),
+				'name' => XML::escape(FileTag::decode($mtch[1])),
 				'url' =>  "#",
-				'removeurl' => ((local_user() == $item['uid'])?'filerm/' . $item['id'] . '?f=&cat=' . XML::xmlify(FileTag::decode($mtch[1])):""),
+				'removeurl' => ((local_user() == $item['uid'])?'filerm/' . $item['id'] . '?f=&cat=' . XML::escape(FileTag::decode($mtch[1])):""),
 				'first' => $first,
 				'last' => false
 			];
@@ -995,9 +995,9 @@ function get_cats_and_terms($item)
 		if ($cnt) {
 			foreach ($matches as $mtch) {
 				$folders[] = [
-					'name' => XML::xmlify(FileTag::decode($mtch[1])),
+					'name' => XML::escape(FileTag::decode($mtch[1])),
 					'url' =>  "#",
-					'removeurl' => ((local_user() == $item['uid']) ? 'filerm/' . $item['id'] . '?f=&term=' . XML::xmlify(FileTag::decode($mtch[1])) : ""),
+					'removeurl' => ((local_user() == $item['uid']) ? 'filerm/' . $item['id'] . '?f=&term=' . XML::escape(FileTag::decode($mtch[1])) : ""),
 					'first' => $first,
 					'last' => false
 				];
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 6771a21575..0f001b11a2 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -256,7 +256,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 
 			$xml = XML::parseString($res);
 			$status = (int) $xml->status;
-			$message = XML::unxmlify($xml->message);   // human readable text of what may have gone wrong.
+			$message = XML::unescape($xml->message);   // human readable text of what may have gone wrong.
 			switch ($status) {
 				case 0:
 					info(L10n::t("Confirmation completed successfully.") . EOL);
diff --git a/mod/filer.php b/mod/filer.php
index d61f67e1ef..3508079400 100644
--- a/mod/filer.php
+++ b/mod/filer.php
@@ -18,7 +18,7 @@ function filer_content(App $a)
 		killme();
 	}
 
-	$term = XML::unxmlify(trim(defaults($_GET, 'term', '')));
+	$term = XML::unescape(trim(defaults($_GET, 'term', '')));
 	$item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
 
 	Logger::log('filer: tag ' . $term . ' item ' . $item_id);
diff --git a/mod/filerm.php b/mod/filerm.php
index 60ac439bf8..335b27b320 100644
--- a/mod/filerm.php
+++ b/mod/filerm.php
@@ -13,8 +13,8 @@ function filerm_content(App $a)
 		killme();
 	}
 
-	$term = XML::unxmlify(trim($_GET['term']));
-	$cat = XML::unxmlify(trim($_GET['cat']));
+	$term = XML::unescape(trim($_GET['term']));
+	$cat = XML::unescape(trim($_GET['cat']));
 
 	$category = (($cat) ? true : false);
 
diff --git a/mod/photos.php b/mod/photos.php
index 0deb164b39..69b1972d4c 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -683,15 +683,15 @@ function photos_post(App $a)
 					$arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
 
 					$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
-					$arr['object'] .= '<link>' . XML::xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
+					$arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
 					if ($tagged[3]) {
-						$arr['object'] .= XML::xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
+						$arr['object'] .= XML::escape('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
 					}
 					$arr['object'] .= '</link></object>' . "\n";
 
 					$arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
 						. System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
-					$arr['target'] .= '<link>' . XML::xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
+					$arr['target'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
 
 					$item_id = Item::insert($arr);
 				}
diff --git a/mod/poco.php b/mod/poco.php
index 119250f2fd..08677ef8d4 100644
--- a/mod/poco.php
+++ b/mod/poco.php
@@ -376,7 +376,7 @@ function poco_init(App $a) {
 
 	if ($format === 'xml') {
 		header('Content-type: text/xml');
-		echo Renderer::replaceMacros(Renderer::getMarkupTemplate('poco_xml.tpl'), XML::arrayXmlify(['$response' => $ret]));
+		echo Renderer::replaceMacros(Renderer::getMarkupTemplate('poco_xml.tpl'), XML::arrayEscape(['$response' => $ret]));
 		killme();
 	}
 	if ($format === 'json') {
diff --git a/mod/poke.php b/mod/poke.php
index e459be345f..60ed5c402e 100644
--- a/mod/poke.php
+++ b/mod/poke.php
@@ -125,9 +125,9 @@ function poke_init(App $a)
 	$arr['body']          = '[url=' . $poster['url'] . ']' . $poster['name'] . '[/url]' . ' ' . L10n::t($verbs[$verb][0]) . ' ' . '[url=' . $target['url'] . ']' . $target['name'] . '[/url]';
 
 	$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $target['name'] . '</title><id>' . $target['url'] . '</id>';
-	$arr['object'] .= '<link>' . XML::xmlify('<link rel="alternate" type="text/html" href="' . $target['url'] . '" />' . "\n");
+	$arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $target['url'] . '" />' . "\n");
 
-	$arr['object'] .= XML::xmlify('<link rel="photo" type="image/jpeg" href="' . $target['photo'] . '" />' . "\n");
+	$arr['object'] .= XML::escape('<link rel="photo" type="image/jpeg" href="' . $target['photo'] . '" />' . "\n");
 	$arr['object'] .= '</link></object>' . "\n";
 
 	$item_id = Item::insert($arr);
diff --git a/mod/profile.php b/mod/profile.php
index b92b8453e6..cfbe07dadb 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -210,7 +210,7 @@ function profile_content(App $a, $update = 0)
 		$commvisitor = $commpage && $remote_contact;
 
 		$a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true);
-		$a->page['aside'] .= Widget::categories(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], (!empty($category) ? XML::xmlify($category) : ''));
+		$a->page['aside'] .= Widget::categories(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], (!empty($category) ? XML::escape($category) : ''));
 		$a->page['aside'] .= Widget::tagCloud();
 
 		if (Security::canWriteToUserWall($a->profile['profile_uid'])) {
diff --git a/mod/subthread.php b/mod/subthread.php
index 7a8ada08b5..425306b6f7 100644
--- a/mod/subthread.php
+++ b/mod/subthread.php
@@ -88,7 +88,7 @@ function subthread_content(App $a) {
 
 	$post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
 	$objtype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
-	$link = XML::xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
+	$link = XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
 	$body = $item['body'];
 
 	$obj = <<< EOT
diff --git a/mod/tagger.php b/mod/tagger.php
index 8b7e7d0040..dd859e61cd 100644
--- a/mod/tagger.php
+++ b/mod/tagger.php
@@ -67,7 +67,7 @@ function tagger_content(App $a) {
 	}
 
 	$uri = Item::newURI($owner_uid);
-	$xterm = XML::xmlify($term);
+	$xterm = XML::escape($term);
 	$post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
 	$targettype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
 
@@ -77,9 +77,9 @@ function tagger_content(App $a) {
 		$href = System::baseUrl() . '/display/' . $item['guid'];
 	}
 
-	$link = XML::xmlify('<link rel="alternate" type="text/html" href="'. $href . '" />' . "\n") ;
+	$link = XML::escape('<link rel="alternate" type="text/html" href="'. $href . '" />' . "\n") ;
 
-	$body = XML::xmlify($item['body']);
+	$body = XML::escape($item['body']);
 
 	$target = <<< EOT
 	<target>
diff --git a/src/Content/Widget.php b/src/Content/Widget.php
index 3e076729e1..397a1863d3 100644
--- a/src/Content/Widget.php
+++ b/src/Content/Widget.php
@@ -190,7 +190,7 @@ class Widget
 		if ($cnt) {
 			foreach ($matches as $mtch)
 			{
-				$unescaped = XML::xmlify(FileTag::decode($mtch[1]));
+				$unescaped = XML::escape(FileTag::decode($mtch[1]));
 				$terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : ''));
 			}
 		}
@@ -230,7 +230,7 @@ class Widget
 
 		if ($cnt) {
 			foreach ($matches as $mtch) {
-				$unescaped = XML::xmlify(FileTag::decode($mtch[1]));
+				$unescaped = XML::escape(FileTag::decode($mtch[1]));
 				$terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : ''));
 			}
 		}
diff --git a/src/Model/Event.php b/src/Model/Event.php
index 1f0b44693f..f4df6ac9f6 100644
--- a/src/Model/Event.php
+++ b/src/Model/Event.php
@@ -303,8 +303,8 @@ class Event extends BaseObject
 
 			$item = Item::selectFirst(['id'], ['event-id' => $event['id'], 'uid' => $event['uid']]);
 			if (DBA::isResult($item)) {
-				$object = '<object><type>' . XML::xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::xmlify($event['uri']) . '</id>';
-				$object .= '<content>' . XML::xmlify(self::getBBCode($event)) . '</content>';
+				$object = '<object><type>' . XML::escape(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::escape($event['uri']) . '</id>';
+				$object .= '<content>' . XML::escape(self::getBBCode($event)) . '</content>';
 				$object .= '</object>' . "\n";
 
 				$fields = ['body' => self::getBBCode($event), 'object' => $object, 'edited' => $event['edited']];
@@ -354,8 +354,8 @@ class Event extends BaseObject
 			$item_arr['body']          = self::getBBCode($event);
 			$item_arr['event-id']      = $event['id'];
 
-			$item_arr['object']  = '<object><type>' . XML::xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::xmlify($event['uri']) . '</id>';
-			$item_arr['object'] .= '<content>' . XML::xmlify(self::getBBCode($event)) . '</content>';
+			$item_arr['object']  = '<object><type>' . XML::escape(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::escape($event['uri']) . '</id>';
+			$item_arr['object'] .= '<content>' . XML::escape(self::getBBCode($event)) . '</content>';
 			$item_arr['object'] .= '</object>' . "\n";
 
 			$item_id = Item::insert($item_arr);
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 1b83beb0ed..33df28d92b 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -2547,7 +2547,7 @@ class DFRN
 		$item["guid"] = XML::getFirstNodeValue($xpath, "dfrn:diaspora_guid/text()", $entry);
 
 		// We store the data from "dfrn:diaspora_signature" in a different table, this is done in "Item::insert"
-		$dsprsig = XML::unxmlify(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry));
+		$dsprsig = XML::unescape(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry));
 		if ($dsprsig != "") {
 			$item["dsprsig"] = $dsprsig;
 		}
diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php
index dccc3358bd..0b5c9c9496 100644
--- a/src/Protocol/Diaspora.php
+++ b/src/Protocol/Diaspora.php
@@ -463,7 +463,7 @@ class Diaspora
 		}
 
 		return ['message' => (string)base64url_decode($base->data),
-				'author' => XML::unxmlify($author_addr),
+				'author' => XML::unescape($author_addr),
 				'key' => (string)$key];
 	}
 
@@ -603,7 +603,7 @@ class Diaspora
 		Logger::log('Message verified.');
 
 		return ['message' => (string)$inner_decrypted,
-				'author' => XML::unxmlify($author_link),
+				'author' => XML::unescape($author_link),
 				'key' => (string)$key];
 	}
 
@@ -1505,9 +1505,9 @@ class Diaspora
 	 */
 	private static function receiveAccountMigration(array $importer, $data)
 	{
-		$old_handle = notags(XML::unxmlify($data->author));
-		$new_handle = notags(XML::unxmlify($data->profile->author));
-		$signature = notags(XML::unxmlify($data->signature));
+		$old_handle = notags(XML::unescape($data->author));
+		$new_handle = notags(XML::unescape($data->profile->author));
+		$signature = notags(XML::unescape($data->signature));
 
 		$contact = self::contactByHandle($importer["uid"], $old_handle);
 		if (!$contact) {
@@ -1565,7 +1565,7 @@ class Diaspora
 	 */
 	private static function receiveAccountDeletion($data)
 	{
-		$author = notags(XML::unxmlify($data->author));
+		$author = notags(XML::unescape($data->author));
 
 		$contacts = DBA::select('contact', ['id'], ['addr' => $author]);
 		while ($contact = DBA::fetch($contacts)) {
@@ -1656,19 +1656,19 @@ class Diaspora
 	 */
 	private static function receiveComment(array $importer, $sender, $data, $xml)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$parent_guid = notags(XML::unxmlify($data->parent_guid));
-		$text = XML::unxmlify($data->text);
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$parent_guid = notags(XML::unescape($data->parent_guid));
+		$text = XML::unescape($data->text);
 
 		if (isset($data->created_at)) {
-			$created_at = DateTimeFormat::utc(notags(XML::unxmlify($data->created_at)));
+			$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
 		} else {
 			$created_at = DateTimeFormat::utcNow();
 		}
 
 		if (isset($data->thread_parent_guid)) {
-			$thread_parent_guid = notags(XML::unxmlify($data->thread_parent_guid));
+			$thread_parent_guid = notags(XML::unescape($data->thread_parent_guid));
 			$thr_uri = self::getUriFromGuid("", $thread_parent_guid, true);
 		} else {
 			$thr_uri = "";
@@ -1773,24 +1773,24 @@ class Diaspora
 	 */
 	private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$subject = notags(XML::unxmlify($data->subject));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$subject = notags(XML::unescape($data->subject));
 
 		// "diaspora_handle" is the element name from the old version
 		// "author" is the element name from the new version
 		if ($mesg->author) {
-			$msg_author = notags(XML::unxmlify($mesg->author));
+			$msg_author = notags(XML::unescape($mesg->author));
 		} elseif ($mesg->diaspora_handle) {
-			$msg_author = notags(XML::unxmlify($mesg->diaspora_handle));
+			$msg_author = notags(XML::unescape($mesg->diaspora_handle));
 		} else {
 			return false;
 		}
 
-		$msg_guid = notags(XML::unxmlify($mesg->guid));
-		$msg_conversation_guid = notags(XML::unxmlify($mesg->conversation_guid));
-		$msg_text = XML::unxmlify($mesg->text);
-		$msg_created_at = DateTimeFormat::utc(notags(XML::unxmlify($mesg->created_at)));
+		$msg_guid = notags(XML::unescape($mesg->guid));
+		$msg_conversation_guid = notags(XML::unescape($mesg->conversation_guid));
+		$msg_text = XML::unescape($mesg->text);
+		$msg_created_at = DateTimeFormat::utc(notags(XML::unescape($mesg->created_at)));
 
 		if ($msg_conversation_guid != $guid) {
 			Logger::log("message conversation guid does not belong to the current conversation.");
@@ -1861,11 +1861,11 @@ class Diaspora
 	 */
 	private static function receiveConversation(array $importer, $msg, $data)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$subject = notags(XML::unxmlify($data->subject));
-		$created_at = DateTimeFormat::utc(notags(XML::unxmlify($data->created_at)));
-		$participants = notags(XML::unxmlify($data->participants));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$subject = notags(XML::unescape($data->subject));
+		$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
+		$participants = notags(XML::unescape($data->participants));
 
 		$messages = $data->message;
 
@@ -1919,11 +1919,11 @@ class Diaspora
 	 */
 	private static function receiveLike(array $importer, $sender, $data)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$parent_guid = notags(XML::unxmlify($data->parent_guid));
-		$parent_type = notags(XML::unxmlify($data->parent_type));
-		$positive = notags(XML::unxmlify($data->positive));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$parent_guid = notags(XML::unescape($data->parent_guid));
+		$parent_type = notags(XML::unescape($data->parent_type));
+		$positive = notags(XML::unescape($data->positive));
 
 		// likes on comments aren't supported by Diaspora - only on posts
 		// But maybe this will be supported in the future, so we will accept it.
@@ -2028,11 +2028,11 @@ class Diaspora
 	 */
 	private static function receiveMessage(array $importer, $data)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$conversation_guid = notags(XML::unxmlify($data->conversation_guid));
-		$text = XML::unxmlify($data->text);
-		$created_at = DateTimeFormat::utc(notags(XML::unxmlify($data->created_at)));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$conversation_guid = notags(XML::unescape($data->conversation_guid));
+		$text = XML::unescape($data->text);
+		$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
 
 		$contact = self::allowedContactByHandle($importer, $author, true);
 		if (!$contact) {
@@ -2103,8 +2103,8 @@ class Diaspora
 	 */
 	private static function receiveParticipation(array $importer, $data)
 	{
-		$author = strtolower(notags(XML::unxmlify($data->author)));
-		$parent_guid = notags(XML::unxmlify($data->parent_guid));
+		$author = strtolower(notags(XML::unescape($data->author)));
+		$parent_guid = notags(XML::unescape($data->parent_guid));
 
 		$contact_id = Contact::getIdForURL($author);
 		if (!$contact_id) {
@@ -2196,22 +2196,22 @@ class Diaspora
 	 */
 	private static function receiveProfile(array $importer, $data)
 	{
-		$author = strtolower(notags(XML::unxmlify($data->author)));
+		$author = strtolower(notags(XML::unescape($data->author)));
 
 		$contact = self::contactByHandle($importer["uid"], $author);
 		if (!$contact) {
 			return false;
 		}
 
-		$name = XML::unxmlify($data->first_name).((strlen($data->last_name)) ? " ".XML::unxmlify($data->last_name) : "");
-		$image_url = XML::unxmlify($data->image_url);
-		$birthday = XML::unxmlify($data->birthday);
-		$gender = XML::unxmlify($data->gender);
-		$about = Markdown::toBBCode(XML::unxmlify($data->bio));
-		$location = Markdown::toBBCode(XML::unxmlify($data->location));
-		$searchable = (XML::unxmlify($data->searchable) == "true");
-		$nsfw = (XML::unxmlify($data->nsfw) == "true");
-		$tags = XML::unxmlify($data->tag_string);
+		$name = XML::unescape($data->first_name).((strlen($data->last_name)) ? " ".XML::unescape($data->last_name) : "");
+		$image_url = XML::unescape($data->image_url);
+		$birthday = XML::unescape($data->birthday);
+		$gender = XML::unescape($data->gender);
+		$about = Markdown::toBBCode(XML::unescape($data->bio));
+		$location = Markdown::toBBCode(XML::unescape($data->location));
+		$searchable = (XML::unescape($data->searchable) == "true");
+		$nsfw = (XML::unescape($data->nsfw) == "true");
+		$tags = XML::unescape($data->tag_string);
 
 		$tags = explode("#", $tags);
 
@@ -2310,8 +2310,8 @@ class Diaspora
 	 */
 	private static function receiveContactRequest(array $importer, $data)
 	{
-		$author = XML::unxmlify($data->author);
-		$recipient = XML::unxmlify($data->recipient);
+		$author = XML::unescape($data->author);
+		$recipient = XML::unescape($data->recipient);
 
 		if (!$author || !$recipient) {
 			return false;
@@ -2320,13 +2320,13 @@ class Diaspora
 		// the current protocol version doesn't know these fields
 		// That means that we will assume their existance
 		if (isset($data->following)) {
-			$following = (XML::unxmlify($data->following) == "true");
+			$following = (XML::unescape($data->following) == "true");
 		} else {
 			$following = true;
 		}
 
 		if (isset($data->sharing)) {
-			$sharing = (XML::unxmlify($data->sharing) == "true");
+			$sharing = (XML::unescape($data->sharing) == "true");
 		} else {
 			$sharing = true;
 		}
@@ -2573,13 +2573,13 @@ class Diaspora
 	 */
 	private static function receiveReshare(array $importer, $data, $xml)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$created_at = DateTimeFormat::utc(notags(XML::unxmlify($data->created_at)));
-		$root_author = notags(XML::unxmlify($data->root_author));
-		$root_guid = notags(XML::unxmlify($data->root_guid));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
+		$root_author = notags(XML::unescape($data->root_author));
+		$root_guid = notags(XML::unescape($data->root_guid));
 		/// @todo handle unprocessed property "provider_display_name"
-		$public = notags(XML::unxmlify($data->public));
+		$public = notags(XML::unescape($data->public));
 
 		$contact = self::allowedContactByHandle($importer, $author, false);
 		if (!$contact) {
@@ -2665,9 +2665,9 @@ class Diaspora
 	 */
 	private static function itemRetraction(array $importer, array $contact, $data)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$target_guid = notags(XML::unxmlify($data->target_guid));
-		$target_type = notags(XML::unxmlify($data->target_type));
+		$author = notags(XML::unescape($data->author));
+		$target_guid = notags(XML::unescape($data->target_guid));
+		$target_type = notags(XML::unescape($data->target_type));
 
 		$person = self::personByHandle($author);
 		if (!is_array($person)) {
@@ -2729,7 +2729,7 @@ class Diaspora
 	 */
 	private static function receiveRetraction(array $importer, $sender, $data)
 	{
-		$target_type = notags(XML::unxmlify($data->target_type));
+		$target_type = notags(XML::unescape($data->target_type));
 
 		$contact = self::contactByHandle($importer["uid"], $sender);
 		if (!$contact && (in_array($target_type, ["Contact", "Person"]))) {
@@ -2774,12 +2774,12 @@ class Diaspora
 	 */
 	private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml)
 	{
-		$author = notags(XML::unxmlify($data->author));
-		$guid = notags(XML::unxmlify($data->guid));
-		$created_at = DateTimeFormat::utc(notags(XML::unxmlify($data->created_at)));
-		$public = notags(XML::unxmlify($data->public));
-		$text = XML::unxmlify($data->text);
-		$provider_display_name = notags(XML::unxmlify($data->provider_display_name));
+		$author = notags(XML::unescape($data->author));
+		$guid = notags(XML::unescape($data->guid));
+		$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
+		$public = notags(XML::unescape($data->public));
+		$text = XML::unescape($data->text);
+		$provider_display_name = notags(XML::unescape($data->provider_display_name));
 
 		$contact = self::allowedContactByHandle($importer, $author, false);
 		if (!$contact) {
@@ -2794,7 +2794,7 @@ class Diaspora
 		$address = [];
 		if ($data->location) {
 			foreach ($data->location->children() as $fieldname => $data) {
-				$address[$fieldname] = notags(XML::unxmlify($data));
+				$address[$fieldname] = notags(XML::unescape($data));
 			}
 		}
 
@@ -2805,8 +2805,8 @@ class Diaspora
 		// Attach embedded pictures to the body
 		if ($data->photo) {
 			foreach ($data->photo as $photo) {
-				$body = "[img]".XML::unxmlify($photo->remote_photo_path).
-					XML::unxmlify($photo->remote_photo_name)."[/img]\n".$body;
+				$body = "[img]".XML::unescape($photo->remote_photo_path).
+					XML::unescape($photo->remote_photo_name)."[/img]\n".$body;
 			}
 
 			$datarray["object-type"] = ACTIVITY_OBJ_IMAGE;