diff --git a/components/ILIAS/Block/classes/class.ilBlockGUI.php b/components/ILIAS/Block/classes/class.ilBlockGUI.php
index d4e3f470024f..a4ff03957436 100755
--- a/components/ILIAS/Block/classes/class.ilBlockGUI.php
+++ b/components/ILIAS/Block/classes/class.ilBlockGUI.php
@@ -136,6 +136,16 @@ abstract public function getBlockType(): string;
      */
     abstract protected function isRepositoryObject(): bool;
 
+    protected function specialCharsAsEntities(string $string): string
+    {
+        // Should be replaced by a proper refinery transformation once https://github.com/ILIAS-eLearning/ILIAS/pull/6314 is merged
+        return  htmlspecialchars(
+            $string,
+            ENT_QUOTES | ENT_SUBSTITUTE,
+            'utf-8'
+        );
+    }
+
     public function setData(array $a_data): void
     {
         $this->data = $a_data;
@@ -848,14 +858,14 @@ public function getHTMLNew(): string
         switch ($this->getPresentation()) {
             case self::PRES_SEC_LEG:
                 $panel = $this->factory->panel()->secondary()->legacy(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->factory->legacy($this->getLegacyContent())
                 );
                 break;
 
             case self::PRES_MAIN_LEG:
                 $panel = $this->factory->panel()->standard(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->factory->legacy($this->getLegacyContent())
                 );
                 break;
@@ -863,7 +873,7 @@ public function getHTMLNew(): string
             case self::PRES_SEC_LIST:
                 $this->handleNavigation();
                 $panel = $this->factory->panel()->secondary()->listing(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->getListItemGroups()
                 );
                 break;
@@ -872,7 +882,7 @@ public function getHTMLNew(): string
             case self::PRES_MAIN_LIST:
                 $this->handleNavigation();
                 $panel = $this->factory->panel()->listing()->standard(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->getListItemGroups()
                 );
                 break;
@@ -883,12 +893,12 @@ public function getHTMLNew(): string
             ($panel->getItemGroups() === [] || (count($panel->getItemGroups()) === 1 && $panel->getItemGroups()[0]->getItems() === []))) {
             if ($this->getPresentation() === self::PRES_SEC_LIST) {
                 $panel = $this->factory->panel()->secondary()->legacy(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->factory->legacy($this->getNoItemFoundContent())
                 );
             } else {
                 $panel = $this->factory->panel()->standard(
-                    $this->getTitle(),
+                    $this->specialCharsAsEntities($this->getTitle()),
                     $this->factory->legacy($this->getNoItemFoundContent())
                 );
             }
@@ -958,7 +968,7 @@ protected function getActionsForPanel(): ?Dropdown
             $actions = $this->factory->dropdown()->standard($actions)
                                ->withAriaLabel(sprintf(
                                    $this->lng->txt('actions_for'),
-                                   htmlspecialchars($this->getTitle())
+                                   $this->specialCharsAsEntities($this->getTitle())
                                ));
             return $actions;
         }
diff --git a/components/ILIAS/Poll/classes/BlockGUI/Answers/class.ilPollAnswersRenderer.php b/components/ILIAS/Poll/classes/BlockGUI/Answers/class.ilPollAnswersRenderer.php
index 3ac7111c0e75..918bdd6e1c22 100755
--- a/components/ILIAS/Poll/classes/BlockGUI/Answers/class.ilPollAnswersRenderer.php
+++ b/components/ILIAS/Poll/classes/BlockGUI/Answers/class.ilPollAnswersRenderer.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -16,16 +14,23 @@
  * https://www.ilias.de
  * https://github.com/ILIAS-eLearning
  *
- ********************************************************************
- */
+ *********************************************************************/
+
+declare(strict_types=1);
+
+use ILIAS\Refinery\Factory as Refinery;
 
 class ilPollAnswersRenderer
 {
     protected ilLanguage $lng;
+    protected Refinery $refinery;
 
-    public function __construct(ilLanguage $lng)
-    {
+    public function __construct(
+        ilLanguage $lng,
+        Refinery $refinery
+    ) {
         $this->lng = $lng;
+        $this->refinery = $refinery;
     }
 
     public function render(
@@ -98,7 +103,10 @@ protected function renderAnswer(
             }
         }
         $tpl->setVariable("VALUE_ANSWER", $id);
-        $tpl->setVariable("TXT_ANSWER_VOTE", nl2br($answer));
+        $tpl->setVariable(
+            "TXT_ANSWER_VOTE",
+            $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($answer))
+        );
         $tpl->parseCurrentBlock();
     }
 }
diff --git a/components/ILIAS/Poll/classes/BlockGUI/Results/class.ilPollResultsRenderer.php b/components/ILIAS/Poll/classes/BlockGUI/Results/class.ilPollResultsRenderer.php
index 7c2de7435767..48ddb0ab7d8a 100755
--- a/components/ILIAS/Poll/classes/BlockGUI/Results/class.ilPollResultsRenderer.php
+++ b/components/ILIAS/Poll/classes/BlockGUI/Results/class.ilPollResultsRenderer.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -16,17 +14,23 @@
  * https://www.ilias.de
  * https://github.com/ILIAS-eLearning
  *
- ********************************************************************
- */
+ *********************************************************************/
+
+declare(strict_types=1);
+
+use ILIAS\Refinery\Factory as Refinery;
 
 class ilPollResultsRenderer
 {
     protected int $ref_id;
+    protected Refinery $refinery;
 
     public function __construct(
-        int $ref_id
+        int $ref_id,
+        Refinery $refinery
     ) {
         $this->ref_id = $ref_id;
+        $this->refinery = $refinery;
     }
 
     public function render(
@@ -54,7 +58,7 @@ protected function renderPieChart(
         foreach ($results->getOrderedAnswerIds() as $id) {
             $chart_data->addPiePoint(
                 (int) round($results->getAnswerPercentage($id)),
-                nl2br($results->getAnswerText($id))
+                $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($results->getAnswerText($id)))
             );
         }
 
@@ -79,7 +83,10 @@ protected function renderBarChart(
             $pbar->setCurrent(round($results->getAnswerPercentage($id)));
             $pbar->setCaption('(' . $results->getAnswerTotal($id) . ')');
             $tpl->setVariable("PERC_ANSWER_RESULT", $pbar->render());
-            $tpl->setVariable("TXT_ANSWER_RESULT", nl2br($results->getAnswerText($id)));
+            $tpl->setVariable(
+                "TXT_ANSWER_RESULT",
+                $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($results->getAnswerText($id)))
+            );
             $tpl->parseCurrentBlock();
         }
     }
diff --git a/components/ILIAS/Poll/classes/BlockGUI/class.ilPollBlockGUI.php b/components/ILIAS/Poll/classes/BlockGUI/class.ilPollBlockGUI.php
index 5d74c9595b0e..a04898d34616 100755
--- a/components/ILIAS/Poll/classes/BlockGUI/class.ilPollBlockGUI.php
+++ b/components/ILIAS/Poll/classes/BlockGUI/class.ilPollBlockGUI.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -19,8 +17,11 @@
  ********************************************************************
  */
 
+declare(strict_types=1);
+
 use ILIAS\UI\Factory as UIFactory;
 use ILIAS\UI\Renderer as UIRenderer;
+use ILIAS\Refinery\Factory as Refinery;
 
 /**
  * BlockGUI class for polls.
@@ -36,6 +37,7 @@ class ilPollBlockGUI extends ilBlockGUI
     protected bool $new_rendering = true;
     protected UIFactory $ui_factory;
     protected UIRenderer $ui_renderer;
+    protected Refinery $refinery;
     protected ilPollStateInfo $state;
     protected ilPollCommentsHandler $comments;
 
@@ -49,6 +51,7 @@ public function __construct()
         $this->access = $DIC->access();
         $this->ui_factory = $DIC->ui()->factory();
         $this->ui_renderer = $DIC->ui()->renderer();
+        $this->refinery = $DIC->refinery();
 
         parent::__construct();
 
@@ -196,12 +199,19 @@ protected function initContentRenderer(): ilPollContentRenderer
             $this->lng,
             $this->ui_factory,
             $this->ui_renderer,
+            $this->refinery,
             $this->state,
             $this->comments,
             $answers,
-            new ilPollAnswersRenderer($this->lng),
+            new ilPollAnswersRenderer(
+                $this->lng,
+                $this->refinery
+            ),
             $results,
-            new ilPollResultsRenderer($this->getRefId())
+            new ilPollResultsRenderer(
+                $this->getRefId(),
+                $this->refinery
+            )
         );
     }
 
diff --git a/components/ILIAS/Poll/classes/BlockGUI/class.ilPollContentRenderer.php b/components/ILIAS/Poll/classes/BlockGUI/class.ilPollContentRenderer.php
index b82b6c467adc..73b27ebb1de3 100755
--- a/components/ILIAS/Poll/classes/BlockGUI/class.ilPollContentRenderer.php
+++ b/components/ILIAS/Poll/classes/BlockGUI/class.ilPollContentRenderer.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -19,8 +17,11 @@
  ********************************************************************
  */
 
+declare(strict_types=1);
+
 use ILIAS\UI\Factory as UIFactory;
 use ILIAS\UI\Renderer as UIRenderer;
+use ILIAS\Refinery\Factory as Refinery;
 
 class ilPollContentRenderer
 {
@@ -33,11 +34,13 @@ class ilPollContentRenderer
     protected ilLanguage $lng;
     protected UIFactory $ui_factory;
     protected UIRenderer $ui_renderer;
+    protected Refinery $refinery;
 
     public function __construct(
         ilLanguage $lng,
         UIFactory $ui_factory,
         UIRenderer $ui_renderer,
+        Refinery $refinery,
         ilPollStateInfo $availability,
         ilPollCommentsHandler $comments,
         ilPollAnswersHandler $answers,
@@ -48,6 +51,7 @@ public function __construct(
         $this->lng = $lng;
         $this->ui_factory = $ui_factory;
         $this->ui_renderer = $ui_renderer;
+        $this->refinery = $refinery;
         $this->state = $availability;
         $this->comments = $comments;
         $this->answers = $answers;
@@ -219,7 +223,10 @@ protected function renderQuestion(
         string $text,
         ?string $img_path
     ): void {
-        $tpl->setVariable("TXT_QUESTION", nl2br(trim($text)));
+        $tpl->setVariable(
+            "TXT_QUESTION",
+            $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br(trim($text)))
+        );
         if ($img_path) {
             $tpl->setVariable(
                 "URL_IMAGE",
@@ -300,7 +307,10 @@ protected function renderDescription(
     ): void {
         $description = trim($description);
         if ($description) {
-            $tpl->setVariable("TXT_DESC", nl2br($description));
+            $tpl->setVariable(
+                "TXT_DESC",
+                $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform(nl2br($description))
+            );
         }
     }
 
diff --git a/components/ILIAS/Poll/classes/class.ilPollDataSet.php b/components/ILIAS/Poll/classes/class.ilPollDataSet.php
index 7a1bc8e74fee..558f93cbb8c2 100755
--- a/components/ILIAS/Poll/classes/class.ilPollDataSet.php
+++ b/components/ILIAS/Poll/classes/class.ilPollDataSet.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * This file is part of ILIAS, a powerful learning management system
  * published by ILIAS open source e-Learning e.V.
@@ -16,8 +14,9 @@
  * https://www.ilias.de
  * https://github.com/ILIAS-eLearning
  *
- ********************************************************************
- */
+ *********************************************************************/
+
+declare(strict_types=1);
 
 /**
  * Poll Dataset class
@@ -180,6 +179,24 @@ public function importRecord(
         ilImportMapping $a_mapping,
         string $a_schema_version
     ): void {
+        $a_rec = $this->stripTags(
+            $a_rec,
+            [
+                'Id',
+                'MaxAnswers',
+                'ResultSort',
+                'NonAnon',
+                'ShowResultsAs',
+                'ShowComments',
+                'ViewResults',
+                'Period',
+                'PeriodBegin',
+                'PeriodEnd',
+                'PollId',
+                'pos',
+            ]
+        );
+
         switch ($a_entity) {
             case "poll":
                 // container copy
@@ -190,6 +207,7 @@ public function importRecord(
                     $newObj->create();
                 }
 
+                /** @var ilObjPoll $newObj */
                 $newObj->setTitle((string) ($a_rec["Title"] ?? ''));
                 $newObj->setDescription((string) ($a_rec["Description"]));
                 if ((int) $a_rec["MaxAnswers"]) {