diff --git a/zenario/admin/db_updates/latest_revision_no.inc.php b/zenario/admin/db_updates/latest_revision_no.inc.php
index dec5c29f1..ad5ae49cf 100644
--- a/zenario/admin/db_updates/latest_revision_no.inc.php
+++ b/zenario/admin/db_updates/latest_revision_no.inc.php
@@ -27,8 +27,8 @@
  */
 if (!defined('NOT_ACCESSED_DIRECTLY')) exit('This file may not be directly accessed');
 
-define('LATEST_REVISION_NO', 45403);	//N.b. 8.2 starts at revision #45600
-define('LATEST_BIG_CHANGE_REVISION_NO', 45400);
+define('LATEST_REVISION_NO', 45404);	//N.b. 8.3 starts at revision #45600
+define('LATEST_BIG_CHANGE_REVISION_NO', 45404);
 define('INSTALLER_REVISION_NO', 41600);
 define('INSTALLER_DEFAULT_THEME', 'duke_street');
 
@@ -37,6 +37,6 @@
 define('ZENARIO_MAJOR_VERSION', '8');
 define('ZENARIO_MINOR_VERSION', '2');
 define('ZENARIO_IS_BUILD', true);
-define('ZENARIO_REVISION', '46436');
+define('ZENARIO_REVISION', '46614');
 
 define('TINYMCE_DIR', 'zenario/libs/manually_maintained/lgpl/tinymce_4_7_3/');
\ No newline at end of file
diff --git a/zenario/autoload/datasetAdm.php b/zenario/autoload/datasetAdm.php
index ea857b303..ffb77338d 100644
--- a/zenario/autoload/datasetAdm.php
+++ b/zenario/autoload/datasetAdm.php
@@ -261,6 +261,7 @@ public static function listCustomFields($dataset, $flat = true, $filter = false,
 						[
 							'group',
 							'checkbox',
+							'consent',
 							'checkboxes',
 							'date',
 							'editor',
diff --git a/zenario/autoload/document.php b/zenario/autoload/document.php
index fd502eac6..b439eda3c 100644
--- a/zenario/autoload/document.php
+++ b/zenario/autoload/document.php
@@ -128,6 +128,7 @@ public static function createFolder($name, $parentId = false, $makeNameUnqiue =
 				'type' => 'folder',
 				'folder_name' => $name,
 				'folder_id' => $parentId,
+				'privacy' => 'public',
 				'ordinal' => 0
 			]
 		);
diff --git a/zenario/js/panel_type_form_builder.js b/zenario/js/panel_type_form_builder.js
index 6b2693f40..5e39a38e8 100644
--- a/zenario/js/panel_type_form_builder.js
+++ b/zenario/js/panel_type_form_builder.js
@@ -475,7 +475,7 @@ methods.loadFieldDetailsPage = function(page, fieldId, errors) {
 			});
 		}
 	} else if (page == 'translations') {
-		var transFieldNamesList = _.toArray(thus.tuix.field_details.tabs[page].translapagele_fields);
+		var transFieldNamesList = _.toArray(thus.tuix.field_details.tabs[page].translatable_fields);
 		var transFieldNames = {};
 		for (var i = 0; i < transFieldNamesList.length; i++) {
 			transFieldNames[transFieldNamesList[i]] = true;
@@ -1619,7 +1619,7 @@ methods.addNewField = function(type, ord, datasetFieldId, datasetPageId, dataset
 		
 		if (datasetField.db_column == 'terms_and_conditions_accepted') {
 			newField.field_label = 'By submitting your details you are agreeing that we can store your data for legitimate business purposes and contact you to inform you about our products and services.';
-			newField.note_to_user = 'Full details can be found in our <a href="#">privacy policy.</a>';
+			newField.note_to_user = 'Full details can be found in our <a href="privacy" target="_blank">privacy policy</a>.';
 		}
 		
 		if (datasetField.dataset_repeat_grouping) {
diff --git a/zenario/js/panel_type_form_builder.min.js b/zenario/js/panel_type_form_builder.min.js
index c89705c75..3b1fc0860 100644
--- a/zenario/js/panel_type_form_builder.min.js
+++ b/zenario/js/panel_type_form_builder.min.js
@@ -15,7 +15,7 @@ function(){var b={},c;for(c in d.tuix.fields)if(n(d.tuix.fields,c)){var f=d.tuix
 JSON.parse(c.details.calculation_code):"";d.changeMadeToPanel();d.saveCurrentOpenDetails();d.loadFieldDetailsPage("details",a)})})}else if("advanced"==b)$("#field__css_classes").on("keyup",function(){$("#organizer_form_field_"+a+" .form_field_classes .css").toggle(!!$(this).val()).prop("title",$(this).val())}),$("#field__div_wrap_class").on("keyup",function(){$("#organizer_form_field_"+a+" .form_field_classes .div").toggle(!!$(this).val()).prop("title",$(this).val())});else if("values"==b)m.values&&
 !m.values._hidden&&(l=d.getOrderedFieldValues(a),f=d.microTemplate("zenario_organizer_admin_box_builder_field_value",l),$("#field_values_list").html(f).sortable({containment:"parent",tolerance:"pointer",axis:"y",start:function(a,b){d.startIndex=b.item.index()},stop:function(b,c){d.startIndex!=c.item.index()&&(d.saveFieldListOfValues(d.tuix.fields[a]),d.loadFieldValuesListPreview(a),d.changeMadeToPanel())}}),$("#field_values_list input").on("keyup",function(){var a=$(this).data("id");$("#organizer_field_value_"+
 a+" label").text($(this).val());d.changeMadeToPanel()}),$("#organizer_add_a_field_value").on("click",function(){d.addFieldValue(e);d.saveItemTUIXPage("field_details",b,e);d.loadFieldDetailsPage(b,a);d.loadFieldValuesListPreview(a);d.changeMadeToPanel()}),$("#field_values_list .delete_icon").on("click",function(){var c=$(this).data("id");e.lov[c]&&(d.deletedValues.push(c),delete e.lov[c]);d.saveItemTUIXPage("field_details",b,e);d.loadFieldDetailsPage(b,a);d.loadFieldValuesListPreview(a);d.changeMadeToPanel()}));
-else if("translations"==b){f=_._tA(d.tuix.field_details.tabs[b].translapagele_fields);c={};for(l=0;l<f.length;l++)c[f[l]]=!0;b="details";var f=d.tuix.field_details.tabs[b].fields,m=d.loadFields("field_details/"+b,f,e),m=d.formatFieldDetails(m,e,"field",b),k=d.sortFields(m,e),h=[];for(l in k)if(n(k,l)){var r=k[l];c[r.id]&&!r._hidden&&h.push(r.id)}k=d.sortLanguages(d.tuix.languages);c=[];for(l in h)if(n(h,l)&&(r=h[l],m[r]&&!m[r]._hidden)){var g={};e._translations&&e._translations[r]&&(g=e._translations[r]);
+else if("translations"==b){f=_._tA(d.tuix.field_details.tabs[b].translatable_fields);c={};for(l=0;l<f.length;l++)c[f[l]]=!0;b="details";var f=d.tuix.field_details.tabs[b].fields,m=d.loadFields("field_details/"+b,f,e),m=d.formatFieldDetails(m,e,"field",b),k=d.sortFields(m,e),h=[];for(l in k)if(n(k,l)){var r=k[l];c[r.id]&&!r._hidden&&h.push(r.id)}k=d.sortLanguages(d.tuix.languages);c=[];for(l in h)if(n(h,l)&&(r=h[l],m[r]&&!m[r]._hidden)){var g={};e._translations&&e._translations[r]&&(g=e._translations[r]);
 var p={};f[r]&&f[r].label&&(p.label=f[r].label);e[r]?p.value=e[r]:(p.value="(No text is defined in the default language)",p.disabled=!0);p.phrases=[];for(var s in k)if(n(k,s)){var u=k[s];parseInt(u.translate_phrases)&&p.phrases.push({field_column:r,language_id:u.id,language_name:u.english_name,phrase:g.phrases&&g.phrases[u.id]&&!p.disabled?g.phrases[u.id]:"",disabled:p.disabled})}c.push(p)}f=d.microTemplate("zenario_organizer_form_builder_translatable_field",c);$("#organizer_field_translations").html(f);
 $("#organizer_field_translations input").on("keyup",function(){d.changeMadeToPanel()})}else if("crm"==b){s="";"crm"==b&&(s="crm");f=s+"_value";$("#organizer_crm_button__set_labels").on("click",function(){d.changeMadeToPanel();$("#organizer_field_crm_values input.crm_value_input").each(function(b,c){var e=$(this).data("id"),f="";d.tuix.fields[a].lov&&d.tuix.fields[a].lov[e]&&(f=d.tuix.fields[a].lov[e].label);$(this).val(f)})});$("#organizer_crm_button__set_values").on("click",function(){d.changeMadeToPanel();
 $("#organizer_field_crm_values input.crm_value_input").each(function(a,b){var c=$(this).data("id");$(this).val(c)})});m={values:[]};if("checkbox"==e.type||"group"==e.type||"consent"==e.type){l={unchecked:{label:0,ord:1},checked:{label:1,ord:2}};if(e["_"+s+"_data"]&&e["_"+s+"_data"].values)for(h in e["_"+s+"_data"].values)n(e["_"+s+"_data"].values,h)&&(k=e["_"+s+"_data"].values[h],l[h]&&w(k[s+"_value"])&&(l[h][s+"_value"]=k[s+"_value"]));for(h in l)n(l,h)&&(k=l[h],k.id=h,k.crm_value_name=f,m.values.push(k));
@@ -55,7 +55,7 @@ d.id,a.addNewField(e[h].type,q+e[h].ord/1E3,!1,!1,e[h]))}for(h=0;h<b.length;h++)
 this.getOrderedPages(),c,d;if(2<=a.length)for(c=this.getOrderedFields(b),d=0;d<a.length;d++)if(a[d].id==b){if(a[d-1])for(d=a[d-1].id,a=0;a<c.length;a++)this.moveFieldToPage(b,d,c[a].id);else for(d=a[d+1].id,a=c.length-1;0<=a;a--)this.moveFieldToPage(b,d,c[a].id,!0);this.deletedPages.push(b);delete this.tuix.items[b];this.clickPage(d);this.changeMadeToPanel();break}};g.deleteField=function(b){pageId=this.currentPageId;if(this.tuix.fields[b]){this.changeMadeToPanel();this.deletedFields.push(b);var a=
 this.tuix.fields[b];if("repeat_start"==a.type){var c=this.getMatchingRepeatEnd(b);c&&(this.deletedFields.push(c),delete this.tuix.items[pageId].fields[c],delete this.tuix.fields[c])}if(a.dataset_repeat_grouping)for(var c=this.getOrderedFields(pageId),d=0;d<c.length;d++)c[d].dataset_repeat_grouping&&c[d].dataset_repeat_grouping==a.dataset_repeat_grouping&&"repeat_start"!=c[d].type&&(this.deletedFields.push(c[d].id),delete this.tuix.items[pageId].fields[c[d].id],delete this.tuix.fields[c[d].id]);for(var c=
 this.getOrderedFields(pageId),e=!1,f=!1,d=0;d<c.length;d++)if(c[d].id==a.id&&(e=d),!1!==e)if(0<e){f=c[e-1].id;break}else if(b!=c[d].id){f=c[d].id;break}f&&"repeat_end"==this.tuix.fields[f].type&&(f=!1);delete this.tuix.items[pageId].fields[b];delete this.tuix.fields[b];this.loadFieldsList(pageId);f?this.clickField(f):this.loadNewFieldsPanel()}};g.addNewField=function(b,a,c,d,e,f,l){var g="t"+this.maxNewCustomField++,k=!1;if(e||c&&this.tuix.dataset_fields[d]&&this.tuix.dataset_fields[d].fields[c]){if(e||
-(e=this.tuix.dataset_fields[d].fields[c]),k={type:e.type,name:e.label,field_label:e.label,dataset_field_id:e.id,values_source:e.values_source,values_source_filter:e.values_source_filter,db_column:e.db_column},"terms_and_conditions_accepted"==e.db_column&&(k.field_label="By submitting your details you are agreeing that we can store your data for legitimate business purposes and contact you to inform you about our products and services.",k.note_to_user='Full details can be found in our <a href="#">privacy policy.</a>'),
+(e=this.tuix.dataset_fields[d].fields[c]),k={type:e.type,name:e.label,field_label:e.label,dataset_field_id:e.id,values_source:e.values_source,values_source_filter:e.values_source_filter,db_column:e.db_column},"terms_and_conditions_accepted"==e.db_column&&(k.field_label="By submitting your details you are agreeing that we can store your data for legitimate business purposes and contact you to inform you about our products and services.",k.note_to_user='Full details can be found in our <a href="privacy" target="_blank">privacy policy</a>.'),
 e.dataset_repeat_grouping&&(k.dataset_repeat_grouping=e.dataset_repeat_grouping),e.lov&&(k.lov=e.lov),"repeat_start"==e.type){k.dataset_repeat_grouping=e.id;d=[];for(var h in e.fields)if(n(e.fields,h)){var r=e.fields[h];d.push(r)}d.sort(this.sortByOrd);for(h=0;h<d.length;h++)r=d[h],r.dataset_repeat_grouping=e.id,this.addNewField(r.type,a+0.001*(h+1),q,q,r)}}else if(b)if(k={type:b,field_label:"Untitled",name:"Untitled "+this.getFieldReadableType(b).toLowerCase()},"checkboxes"==b||"radios"==b||"select"==
 b)for(k.lov={},h=1;3>=h;h++)this.addFieldValue(k,"Option "+h);else"repeat_start"==b&&this.addNewField("repeat_end",a+0.001);for(var t in this.tuix.field_details.tabs)if(n(this.tuix.field_details.tabs,t)&&(page=this.tuix.field_details.tabs[t],page.fields))for(var p in page.fields)n(page.fields,p)&&(d=page.fields[p],w(d.value)&&!w(k[p])&&(k[p]=d.value));if(k){if(f&&(k=JSON.parse(JSON.stringify(this.tuix.fields[f])),"checkboxes"==k.type||"select"==k.type||"radios"==k.type)){f=k.lov;delete k.lov;k.lov=
 {};for(var s in f)this.addFieldValue(k,f[s].label,f[s].ord)}k.ord=a;k._is_new=!0;k.just_added=!0;k.id=g;if("page_break"==b)b=this.getOrderedPages(),k.name="Page "+(b.length+1),k.fields={},this.tuix.items[g]=k,l||this.clickPage(g,!0);else if(this.tuix.items[this.currentPageId].fields[g]=1,this.tuix.fields[g]=k,!e||c)this.loadFieldsList(this.currentPageId),l||this.clickField(g,k.just_added)}};g.clickField=function(b,a){this.selectedFieldId!=b&&this.tuix.fields[b]&&"repeat_end"!=this.tuix.fields[b].type&&
diff --git a/zenario/modules/zenario_banner/fun/formatAdminBox.php b/zenario/modules/zenario_banner/fun/formatAdminBox.php
index 94681bf0d..1f3599fa3 100644
--- a/zenario/modules/zenario_banner/fun/formatAdminBox.php
+++ b/zenario/modules/zenario_banner/fun/formatAdminBox.php
@@ -33,6 +33,13 @@
 		if (!ze\module::inc('zenario_ctype_picture')) {
 			unset($fields['first_tab/image_source']['values']['_PICTURE']);
 		}
+		
+		$retinaSideNote = "If the source image is large enough,
+                            the resized image will be output at twice its displayed width &amp; height
+                            to appear crisp on retina screens.
+                            This will increase the download size.
+                            <br/>
+                            If the source image is not large enough this will have no effect.";
 	
 		
 		$fields['first_tab/use_rollover']['hidden'] = 
@@ -94,6 +101,11 @@
 			!$imagePicked;
 		
 		$this->showHideImageOptions($fields, $values, 'first_tab', $hidden);
+		if ($values['first_tab/canvas'] != "unlimited") {
+			$fields['first_tab/canvas']['side_note'] = $retinaSideNote;
+		} else {
+			$fields['first_tab/canvas']['side_note'] = "";
+		}
 		
 		$fields['first_tab/floating_box_title']['hidden'] = 
 			!$imagePicked
@@ -164,6 +176,11 @@
 		
 		$hidden = $values['first_tab/link_type'] != '_ENLARGE_IMAGE';
 		$this->showHideImageOptions($fields, $values, 'first_tab', $hidden, 'enlarge_');
+		if ($values['first_tab/enlarge_canvas'] != "unlimited") {
+			$fields['first_tab/enlarge_canvas']['side_note'] = $retinaSideNote;
+		} else {
+			$fields['first_tab/enlarge_canvas']['side_note'] = "";
+		}
 		
 		$cID = $cType = false;
 		if ($values['first_tab/link_type'] == '_CONTENT_ITEM'
@@ -216,6 +233,11 @@
 		$fields['mobile_tab/mobile_image']['hidden'] = $hideMobileOptions;
 		
 		$this->showHideImageOptions($fields, $values, 'mobile_tab', $hideMobileOptions, 'mobile_');
+		if ($values['mobile_tab/mobile_canvas'] != "unlimited") {
+			$fields['mobile_tab/mobile_canvas']['side_note'] = $retinaSideNote;
+		} else {
+			$fields['mobile_tab/mobile_canvas']['side_note'] = "";
+		}
 		
 		//Privacy warning:
 		//Get selected document...
diff --git a/zenario/modules/zenario_content_list/fun/formatAdminBox.php b/zenario/modules/zenario_content_list/fun/formatAdminBox.php
index 9497d5c3b..35dd89212 100644
--- a/zenario/modules/zenario_content_list/fun/formatAdminBox.php
+++ b/zenario/modules/zenario_content_list/fun/formatAdminBox.php
@@ -33,8 +33,20 @@
 		$fields['each_item/author_retina']['hidden'] = 
 			!$values['each_item/show_author_image'];
 		
+		$retinaSideNote = "If the source image is large enough,
+                            the resized image will be output at twice its displayed width &amp; height
+                            to appear crisp on retina screens.
+                            This will increase the download size.
+                            <br/>
+                            If the source image is not large enough this will have no effect.";
+		
 		$hidden = !$values['each_item/show_author_image'];
 		$this->showHideImageOptions($fields, $values, 'each_item', $hidden, 'author_');
+		if ($values['each_item/author_canvas'] != "unlimited") {
+			$fields['each_item/author_canvas']['side_note'] = $retinaSideNote;
+		} else {
+			$fields['each_item/author_canvas']['side_note'] = "";
+		}
 		
 		$fields['overall_list/heading_if_items']['hidden'] = 
 		$fields['overall_list/heading_tags']['hidden'] = 
@@ -55,6 +67,11 @@
 		
 		$hidden = !$values['each_item/show_sticky_images'];
 		$this->showHideImageOptions($fields, $values, 'each_item', $hidden);
+		if ($values['each_item/canvas'] != "unlimited") {
+			$fields['each_item/canvas']['side_note'] = $retinaSideNote;
+		} else {
+			$fields['each_item/canvas']['side_note'] = "";
+		}
 		
 		$fields['each_item/date_format']['hidden'] = 
 		$fields['each_item/show_times']['hidden'] = 
diff --git a/zenario/modules/zenario_content_list/tuix/admin_boxes/plugin_settings.yaml b/zenario/modules/zenario_content_list/tuix/admin_boxes/plugin_settings.yaml
index e9264878d..4c8da3693 100644
--- a/zenario/modules/zenario_content_list/tuix/admin_boxes/plugin_settings.yaml
+++ b/zenario/modules/zenario_content_list/tuix/admin_boxes/plugin_settings.yaml
@@ -447,26 +447,6 @@ plugin_settings:
                     indent: 2
                     validation:
                         required_if_not_hidden: Please choose a default image.
-                retina:
-                    indent: 1
-                    plugin_setting:
-                        name: retina
-                    label: 'Output a retina image'
-                    type: checkbox
-                    value: ""
-                    side_note: |
-                        <% if (zenarioAB.value('canvas') == 'unlimited') { %>
-                            Halve the width &amp; height at which the image is displayed,
-                            so it appears crisp on retina screens.
-                        <% } else { %>
-                            If the source image is large enough
-                            output the resized image at twice its displayed width &amp; height,
-                            so it appear crisp on retina screens.
-                            This will increase the download size.
-                            <br/>
-                            If the source image is not large enough this will have no effect.
-                        <% } %>
-                    enable_microtemplates_in_properties: true
                 canvas:
                     plugin_setting:
                         name: canvas
@@ -512,6 +492,16 @@ plugin_settings:
                     style: 'width: 5em;'
                     post_field_html: '&nbsp;pixels'
                     indent: 2
+                retina:
+                    indent: 2
+                    plugin_setting:
+                        name: retina
+                    label: 'This is a retina image'
+                    type: checkbox
+                    value: ""
+                    side_note: |
+                        Display image at double density.
+                    enable_microtemplates_in_properties: true
                 
                 show_dates:
                     plugin_setting:
@@ -613,21 +603,11 @@ plugin_settings:
                     indent: 1
                     plugin_setting:
                         name: author_retina
-                    label: 'Output a retina image'
+                    label: 'This is a retina image'
                     type: checkbox
                     value: ""
                     side_note: |
-                        <% if (zenarioAB.value('author_canvas') == 'unlimited') { %>
-                            Halve the width &amp; height at which the image is displayed,
-                            so it appears crisp on retina screens.
-                        <% } else { %>
-                            If the source image is large enough
-                            output the resized image at twice its displayed width &amp; height,
-                            so it appear crisp on retina screens.
-                            This will increase the download size.
-                            <br/>
-                            If the source image is not large enough this will have no effect.
-                        <% } %>
+                        Display image at double density.
                     enable_microtemplates_in_properties: true
                 show_times:
                     plugin_setting:
diff --git a/zenario/modules/zenario_document_container/frameworks/standard/framework.twig.html b/zenario/modules/zenario_document_container/frameworks/standard/framework.twig.html
index f8716e1be..499c90ca8 100644
--- a/zenario/modules/zenario_document_container/frameworks/standard/framework.twig.html
+++ b/zenario/modules/zenario_document_container/frameworks/standard/framework.twig.html
@@ -1,3 +1,4 @@
+<div class="hide_in_edit_mode document_container_wrap">
 {% if error == false %}
 	
 	{% if Documents or Download_Archive %}
@@ -67,4 +68,5 @@
 	{% if error == 'no_user' %}
 		<div id="no_user" class="error">You must be an extranet user to see this plugin</div>
 	{% endif %}
-{% endif %}
\ No newline at end of file
+{% endif %}
+</div>
\ No newline at end of file
diff --git a/zenario/modules/zenario_document_container/module_code.php b/zenario/modules/zenario_document_container/module_code.php
index ec0e14388..8c876d396 100644
--- a/zenario/modules/zenario_document_container/module_code.php
+++ b/zenario/modules/zenario_document_container/module_code.php
@@ -131,6 +131,9 @@ private function addToDocuments($document, $isUserDocument = false, $level = 1)
 				$this->getArchiveDownloadLink($document, array_keys($documents));
 			}
 			
+			//Folders should always be public.
+			$document['privacy'] = "public";
+			
 		} elseif ($document['type'] == 'file') {
 			$file = ze\row::get('files', ['filename', 'created_datetime', 'size', 'mime_type', 'privacy'], $document['file_id']);
 			$document['Document_Created'] = $file['created_datetime'];
diff --git a/zenario/modules/zenario_newsletter/classes/admin_boxes/newsletter.php b/zenario/modules/zenario_newsletter/classes/admin_boxes/newsletter.php
index 08db62b2d..4aeaadf9d 100644
--- a/zenario/modules/zenario_newsletter/classes/admin_boxes/newsletter.php
+++ b/zenario/modules/zenario_newsletter/classes/admin_boxes/newsletter.php
@@ -160,6 +160,7 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) {
 				= '<span style="text-decoration:underline;">' . zenario_newsletter::getTrackerURL() . 'delete_account.php?t=XXXXXXXXXXXXXXX</span>';
 		$box['tabs']['unsub_exclude']['fields']['delete_account_text']['post_field_html'] 
 				= '<div id="delete_account_info">Preview: ' . $values['unsub_exclude/delete_account_text'] . ' <span style="text-decoration:underline;">' . zenario_newsletter::getTrackerURL() . 'delete_account.php?t=XXXXXXXXXXXXXXX</span></div>';
+		
 	}
 
 	public function formatAdminBox($path, $settingGroup, &$box, &$fields, &$values, $changes) {
@@ -309,6 +310,17 @@ public function formatAdminBox($path, $settingGroup, &$box, &$fields, &$values,
 				$box['tabs']['meta_data']['notices']['test_send_sucesses']['message'] = $success;
 			}
 		}
+		
+		
+		$newsletterConsentPolicy = ze::setting('zenario_newsletter__newsletter_consent_policy');
+		$values['unsub_exclude/exclude_recipients_with_no_consent'] = ($newsletterConsentPolicy == 'consent_required');
+		if (!$newsletterConsentPolicy) {
+			//If the newsletter consent flag is not set, show a link to the site settings tab
+			$link= ze\link::absolute() . 'zenario/admin/organizer.php#zenario__administration/panels/site_settings//zenario_newsletter__site_settings_group~.site_settings~tzenario_newsletter__site_settings~k' . urlencode('{"id":"zenario_newsletter__site_settings_group"}');
+			$fields['unsub_exclude/exclude_recipients_with_no_consent']['note_below'] = ze\admin::phrase('Select a flag that represents a recipients consent to recieve newsletters <a target="_blank" href="[[link]]">here</a>.', ['link' => $link]);
+		} else {
+			unset($fields['unsub_exclude/exclude_recipients_with_no_consent']['note_below']);
+		}
 	}
 	
 	public function validateAdminBox($path, $settingGroup, &$box, &$fields, &$values, $changes, $saving) {
@@ -319,7 +331,14 @@ public function validateAdminBox($path, $settingGroup, &$box, &$fields, &$values
 				ZENARIO_NEWSLETTER_PREFIX. 'newsletters',
 				['newsletter_name' => $values['meta_data/newsletter_name'], 'id' => ['!' => $box['key']['id']]]
 			)) {
-				$box['tabs']['meta_data']['errors'][] = ze\admin::phrase('Please ensure the Name you give this Newsletter is Unique.');
+				$box['tabs']['meta_data']['errors'][] = ze\admin::phrase('Please ensure the name you give this newsletter is unique.');
+			}
+		}
+		
+		if (ze\ring::engToBoolean($box['tabs']['unsub_exclude']['edit_mode']['on'] ?? false)) {
+			//The consent flag must be chosen in the site-settings to proceed
+			if (!ze::setting('zenario_newsletter__newsletter_consent_policy')) {
+				$fields['unsub_exclude/exclude_recipients_with_no_consent']['error'] = ze\admin::phrase('You have not yet selected a consent policy for users receiving newsletters');
 			}
 		}
 	}
diff --git a/zenario/modules/zenario_newsletter/classes/admin_boxes/site_settings.php b/zenario/modules/zenario_newsletter/classes/admin_boxes/site_settings.php
index a013812ea..37e5aafed 100644
--- a/zenario/modules/zenario_newsletter/classes/admin_boxes/site_settings.php
+++ b/zenario/modules/zenario_newsletter/classes/admin_boxes/site_settings.php
@@ -33,8 +33,11 @@ class zenario_newsletter__admin_boxes__site_settings extends zenario_newsletter
 	public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) {
 		switch($settingGroup) {
 			case 'zenario_newsletter__site_settings_group':
-				$box['tabs']['zenario_newsletter__site_settings']['fields']['zenario_newsletter__all_newsletters_opt_out']['values'] =
-					ze\datasetAdm::listCustomFields('users', $flat = false, 'boolean_and_groups_only', $customOnly = true, $useOptGroups = true);
+				$fields['zenario_newsletter__all_newsletters_opt_out']['values'] =
+					ze\datasetAdm::listCustomFields('users', $flat = false, 'boolean_and_groups_only', $customOnly = true, $useOptGroups = true, $hideEmptyOptGroupParents = true);
+				
+				$fields['zenario_newsletter__newsletter_consent_flag']['values'] = 
+					ze\datasetAdm::listCustomFields('users', $flat = false, 'consent', $customOnly = false, $useOptGroups = true, $hideEmptyOptGroupParents = true);
 				break;
 		}
 	}
diff --git a/zenario/modules/zenario_newsletter/module_code.php b/zenario/modules/zenario_newsletter/module_code.php
index 74691368f..6a1107010 100644
--- a/zenario/modules/zenario_newsletter/module_code.php
+++ b/zenario/modules/zenario_newsletter/module_code.php
@@ -114,8 +114,7 @@ protected static function newsletterRecipientsPart($id, $mode, $smartGroupId) {
 			   ON ucd.user_id = u.id";
 		
 		$whereStatement = "
-			WHERE u.email != ''";
-		//AND u.status IN('active', 'contact')";
+			WHERE TRUE " . ze\row::whereCol('users', 'u', 'email', '!=', "");
 		
 		if (!ze\smartGroup::sql($whereStatement, $sql, $smartGroupId)) {
 			return false;
@@ -135,23 +134,37 @@ protected static function newsletterRecipientsPart($id, $mode, $smartGroupId) {
 				AND nul_". (int) $sentNewsletterId. ".user_id IS NULL";
 		}
 		
-		$cField = false;
-		if (($cFieldId = ze::setting('zenario_newsletter__all_newsletters_opt_out'))
-		 && ($cField = ze\dataset::fieldDetails($cFieldId))) {
+		//Exclude users who have opted out of newsletters
+		$optOutFlag = false;
+		if (($optOutFlagId = ze::setting('zenario_newsletter__all_newsletters_opt_out'))
+		 && ($optOutFlag = ze\dataset::fieldDetails($optOutFlagId))) {
 			$sql .= "
 				LEFT JOIN ". DB_PREFIX. "users_custom_data AS noo
 				   ON noo.user_id = u.id
-				  AND noo.`". ze\escape::sql($cField['db_column']). "` = 1";
+				  AND noo.`". ze\escape::sql($optOutFlag['db_column']). "` = 1";
+			$whereStatement .= "
+				AND noo.user_id IS NULL";
+		}
+		
+		//Exclude users who have not given consent to recieve newsletters
+		$consentFlag = false;
+		if (ze::setting('zenario_newsletter__newsletter_consent_policy') == 'consent_required'
+		 && ($consentFlagId = ze::setting('zenario_newsletter__newsletter_consent_flag'))
+		 && ($consentFlagId != 'no_consent_required')
+		 && ($consentFlag = ze\dataset::fieldDetails($consentFlagId))) {
+		 	
+		 	if ($consentFlag['is_system_field']) {
+				$whereStatement .= "
+					AND u.`". ze\escape::sql($consentFlag['db_column']). "` = 1";
+		 	} else {
+				$whereStatement .= "
+					AND ucd.`" . ze\escape::sql($consentFlag['db_column']) . "` = 1";
+		 	}
 		}
 
 		$sql .= "
 			". $whereStatement;
 		
-		if ($cField) {
-			$sql .= "
-			  AND noo.user_id IS NULL";
-		}
-
 		return $sql;
 	}
 	
diff --git a/zenario/modules/zenario_newsletter/tuix/admin_boxes/newsletter.yaml b/zenario/modules/zenario_newsletter/tuix/admin_boxes/newsletter.yaml
index b5ae327d4..3f1fe9f50 100644
--- a/zenario/modules/zenario_newsletter/tuix/admin_boxes/newsletter.yaml
+++ b/zenario/modules/zenario_newsletter/tuix/admin_boxes/newsletter.yaml
@@ -184,6 +184,10 @@ zenario_newsletter:
                     value: 1
                     readonly: true
                 
+                exclude_recipients_with_no_consent:
+                    label: Exclude recipients without consent to recieve newsletters
+                    type: checkbox
+                    readonly: true
                 
                 unsubscribe_link:
                     label: 'Unsubscribe link:'
diff --git a/zenario/modules/zenario_newsletter/tuix/admin_boxes/site_settings.yaml b/zenario/modules/zenario_newsletter/tuix/admin_boxes/site_settings.yaml
index 9ed943271..203d5fa74 100644
--- a/zenario/modules/zenario_newsletter/tuix/admin_boxes/site_settings.yaml
+++ b/zenario/modules/zenario_newsletter/tuix/admin_boxes/site_settings.yaml
@@ -51,7 +51,35 @@ site_settings:
                     empty_value: '-- Select --'
                     validation:
                         required: Please select the flag on the user/contact record that should be set when a recipient clicks an Unsubscribe link.
-            
+                
+                
+                zenario_newsletter__newsletter_consent_policy:
+                    label: 'Consent policy:'
+                    site_setting:
+                        name: zenario_newsletter__newsletter_consent_policy
+                    type: select
+                    empty_value: '-- Select --'
+                    values:
+                        consent_required:
+                            label: 'Users must consent to receiving newsletters (recommended)'
+                        no_consent_required:
+                            label: 'No consent required'
+                    redraw_onchange: true
+                    validation:
+                        required: Please choose a consent policy for newsletters.
+                    
+                zenario_newsletter__newsletter_consent_flag:
+                    indent: 1
+                    visible_if: zenarioAB.value('zenario_newsletter__newsletter_consent_policy') == 'consent_required'
+                    label: 'User consent flag:'
+                    side_note: 'The flag that indicates a user has consented to receive newsletters'
+                    site_setting:
+                        name: zenario_newsletter__newsletter_consent_flag
+                    type: select
+                    empty_value: '-- Select --'
+                    validation:
+                        required_if_not_hidden: Please select the flag on the user/contact record that shows consent to receive newsletters.
+                
                 zenario_newsletter__enable_opened_emails:
                     label: 'Enable opened-email tracking'
                     side_note: 'Check this option to enable tracking of opened emails.'
diff --git a/zenario/modules/zenario_user_forms/module_code.php b/zenario/modules/zenario_user_forms/module_code.php
index 6e1835bf5..24e1f36f7 100644
--- a/zenario/modules/zenario_user_forms/module_code.php
+++ b/zenario/modules/zenario_user_forms/module_code.php
@@ -57,7 +57,7 @@ public function init() {
 		//This plugin must have a form selected
 		if (!$formId) {
 			if (ze\admin::id()) {
-				$this->data['form_HTML'] = '<p class="error">' . ze\admin::phrase('You must select a form for this plugin.') . '</p>';
+				$this->data['form_HTML'] = '<p class="error">' . htmlspecialchars(ze\admin::phrase('You must select a form for this plugin.')) . '</p>';
 			}
 			return true;
 		}
@@ -73,9 +73,9 @@ public function init() {
 			if (isset($_GET['confirm_email']) && isset($_GET['hash'])) {
 				$user = ze\row::get('users', ['id', 'email_verified'], ['hash' => $_GET['hash']]);
 				if (!$user) {
-					$this->data['form_HTML'] = '<p class="error">' . static::fPhrase('We are sorry, but we were unable to find your registration. Please check whether the verification link is correct.', [], $t) . '</p>';
+					$this->data['form_HTML'] = '<p class="error">' . htmlspecialchars(static::fPhrase('We are sorry, but we were unable to find your registration. Please check whether the verification link is correct.', [], $t)) . '</p>';
 				} elseif ($user['email_verified']) {
-					$this->data['form_HTML'] = '<p class="success">' . static::fPhrase('This email address has already been verified.', [], $t) . '</p>';
+					$this->data['form_HTML'] = '<p class="success">' . htmlspecialchars(static::fPhrase('This email address has already been verified.', [], $t)) . '</p>';
 				} else {
 					ze\row::update('users', ['email_verified' => 1, 'status' => 'active'], $user['id']);
 					$this->sendWelcomeEmail($user['id']);
@@ -115,7 +115,7 @@ public function init() {
 						$user = ze\row::get('users', ['id'], ['email' => $value]);
 						$this->sendVerificationEmail($user['id']);
 						
-						$this->data['form_HTML'] = '<p class="success">' . static::fPhrase('Your verification email has been resent. Please be sure to check your spam/bulk mail folder.', [], $t) . '</p>';
+						$this->data['form_HTML'] = '<p class="success">' . htmlspecialchars(static::fPhrase('Your verification email has been resent. Please be sure to check your spam/bulk mail folder.', [], $t)) . '</p>';
 						return true;
 					}
 				}
@@ -125,22 +125,22 @@ public function init() {
 				$html .= '
 					<div class="form_fields">
 						<div class="form_field">
-						<div class="field_title">' . static::fPhrase('Email:', [], $t) . '</div>';
+						<div class="field_title">' . htmlspecialchars(static::fPhrase('Email:', [], $t)) . '</div>';
 				if ($error && !$this->form['show_errors_below_fields']) {
 					$html .= '
-						<div class="form_error">' . static::fPhrase($error, [], $t) . '</div>';
+						<div class="form_error">' . htmlspecialchars(static::fPhrase($error, [], $t)) . '</div>';
 				}
 				$html .= '
 						<input type="text" name="email" value="' . $value . '">';
 				if ($error && $this->form['show_errors_below_fields']) {
 					$html .= '
-						<div class="form_error">' . static::fPhrase($error, [], $t) . '</div>';
+						<div class="form_error">' . htmlspecialchars(static::fPhrase($error, [], $t)) . '</div>';
 				}
 				$html .= '
 						</div>
 					</div>';
 				$html .= '<div class="form_buttons">';
-				$html .= '<input type="submit" class="next submit" value="' . static::fPhrase('Resend verification email', [], $t) . '"/>';
+				$html .= '<input type="submit" class="next submit" value="' . htmlspecialchars(static::fPhrase('Resend verification email', [], $t)) . '"/>';
 				$html .= '</div>';
 				
 				$html .= $this->closeForm();
@@ -162,13 +162,13 @@ public function init() {
 			$privacy = ze\row::get('translation_chains', 'privacy', ['equiv_id' => $equivId, 'type' => $this->cType]);
 			if ($privacy == 'public') {
 				if (ze\admin::id()) {
-					$this->data['form_HTML'] = '<p class="error">' . ze\admin::phrase('This form has the "save and complete later" feature enabled and so must be placed on a password-protected page.') . '</p>';
+					$this->data['form_HTML'] = '<p class="error">' . htmlspecialchars(ze\admin::phrase('This form has the "save and complete later" feature enabled and so must be placed on a password-protected page.')) . '</p>';
 				}
 				return true;
 			}
 			if (!$this->userId) {
 				if (ze\admin::id()) {
-					$this->data['form_HTML'] = '<p class="error">' . ze\admin::phrase('You must be logged in as an Extranet User to see this Plugin.') . '</p>';
+					$this->data['form_HTML'] = '<p class="error">' . htmlspecialchars(ze\admin::phrase('You must be logged in as an Extranet User to see this Plugin.')) . '</p>';
 				}
 				return true;
 			}
@@ -212,7 +212,7 @@ public function init() {
 		//Logged in user duplicate submission check
 		if ($this->userId && $this->form['no_duplicate_submissions']) {
 			if (ze\row::exists(ZENARIO_USER_FORMS_PREFIX . 'user_response', ['user_id' => $this->userId, 'form_id' => $formId])) {
-				$html = '<p class="info">' . static::fPhrase($this->form['duplicate_submission_message'], [], $t) . '</p>';
+				$html = '<p class="info">' . htmlspecialchars(static::fPhrase($this->form['duplicate_submission_message'], [], $t)) . '</p>';
 				$html .= $this->getCloseButtonHTML();
 				$this->cssClass .= ' no_title';
 				$this->data['form_HTML'] = $html;
@@ -437,27 +437,27 @@ protected function getExtranetLinksHTML($links) {
 			$html .= '<div class="extranet_links">';
 			$cID = $cType = false;
 			if (!empty($links['resend'])) {
-				$html .= '<div><a ' . $this->refreshPluginSlotAnchor('&extranet_resend=1') . '>' . static::fPhrase('Resend verification email', [], $t) . '</a></div>';
-				$html .= '<div class="extranet_link_desc">' . static::fPhrase('Use this if you have previously registered but not received your verification email.', [], $t) . '</div>';
+				$html .= '<div><a ' . $this->refreshPluginSlotAnchor('&extranet_resend=1') . '>' . htmlspecialchars(static::fPhrase('Resend verification email', [], $t)) . '</a></div>';
+				$html .= '<div class="extranet_link_desc">' . htmlspecialchars(static::fPhrase('Use this if you have previously registered but not received your verification email.', [], $t)) . '</div>';
 			}
 			if (!empty($links['register'])) {
 				if (ze\content::langSpecialPage('zenario_registration', $cID, $cType)) {
-					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . static::fPhrase('Register', [], $t) . '</a></div>';
+					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . htmlspecialchars(static::fPhrase('Register', [], $t)) . '</a></div>';
 				}
 			}
 			if (!empty($links['login'])) {
 				if (ze\content::langSpecialPage('zenario_login', $cID, $cType) && !$this->userId) {
-					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . static::fPhrase('Go back to Login', [], $t) . '</a></div>';
+					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . htmlspecialchars(static::fPhrase('Go back to Login', [], $t)) . '</a></div>';
 				}
 			}
 			if (!empty($links['change_password'])) {
 				if (ze\content::langSpecialPage('zenario_change_password', $cID, $cType)) {
-					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . static::fPhrase('Change your password', [], $t) . '</a></div>';
+					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . htmlspecialchars(static::fPhrase('Change your password', [], $t)) . '</a></div>';
 				}
 			}
 			if (!empty($links['logout'])) {
 				if (ze\content::langSpecialPage('zenario_logout', $cID, $cType)) {
-					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . static::fPhrase('Logout', [], $t) . '</a></div>';
+					$html .= '<div><a ' . $this->linkToItemAnchor($cID, $cType) . '>' . htmlspecialchars(static::fPhrase('Logout', [], $t)) . '</a></div>';
 				}
 			}
 			$html .= '</div>';
@@ -852,15 +852,15 @@ public static function getFormSummaryHTML($responseId, $formId = false, $data =
 						$html .= '<tr><td colspan="2" class="subheader_description">' . $field['description'] . '</td></tr>';
 					}
 				} else {
-					$display = '';
+					$displayHTML = '';
 					if (isset($field['value'])) {
-						$display = static::getFieldDisplayValue($field, $field['value'], true);
+						$displayHTML = static::getFieldDisplayValue($field, $field['value'], true, $includeDownloadLinks = 'visitor');
 					}
 					if (isset($field['row']) && !empty($field['firstRepeatBlockField'])) {
 						$rows = count($fields[$field['repeat_start_id']]['rows']);
-						$html .= '<tr><td colspan="2" class="subheader">(' . $field['row'] . ' / ' . $rows . ')</td></tr>';
+						$html .= '<tr><td colspan="2" class="subheader">(' . (int)$field['row'] . ' / ' . (int)$rows . ')</td></tr>';
 					}
-					$html .= '<tr><td>' . htmlspecialchars($label) . '</td><td>' . $display . '</td></tr>';
+					$html .= '<tr><td>' . htmlspecialchars($label) . '</td><td>' . $displayHTML . '</td></tr>';
 				}
 			}
 		}
@@ -1245,7 +1245,7 @@ public static function getRepeatFieldId($fieldId, $row) {
 	private function getFormHTML($pageId) {
 		$t = $this->form['translate_text'];
 		$html = '';
-		$html .= '<div id="' . $this->containerId . '_form_wrapper" class="form_wrapper';
+		$html .= '<div id="' . htmlspecialchars($this->containerId) . '_form_wrapper" class="form_wrapper';
 		if ($this->inFullScreen) {
 			$html .= ' in_fullscreen';
 		}
@@ -1271,18 +1271,18 @@ private function getFormHTML($pageId) {
 				if ($printButtonPages) {
 					$printButtonPages = explode(',', $printButtonPages);
 					if (in_array($this->pages[$pageId]['ord'], $printButtonPages)) {
-						$topButtonsHTML .= '<div id="' . $this->containerId . '_print_page" class="print_page">' . static::fPhrase('Print', [], $t) . '</div>';
+						$topButtonsHTML .= '<div id="' . htmlspecialchars($this->containerId) . '_print_page" class="print_page">' . htmlspecialchars(static::fPhrase('Print', [], $t)) . '</div>';
 						
 					}
 				}
 			}
 			//Fullscreen
 			if ($this->setting('show_fullscreen_button')) {
-				$topButtonsHTML .= '<div id="' . $this->containerId . '_fullscreen" class="fullscreen_button"';
+				$topButtonsHTML .= '<div id="' . htmlspecialchars($this->containerId) . '_fullscreen" class="fullscreen_button"';
 				if ($this->inFullScreen) {
 					$topButtonsHTML .= ' style="display:none;"';
 				}
-				$topButtonsHTML .= '>' . static::fPhrase('Fullscreen', [], $t) . '</div>';
+				$topButtonsHTML .= '>' . htmlspecialchars(static::fPhrase('Fullscreen', [], $t)) . '</div>';
 			}
 		}
 		if ($topButtonsHTML) {
@@ -1321,7 +1321,7 @@ private function getFormHTML($pageId) {
 				}
 				
 				$hasPageVisibleOnSwitcher = true;
-				$switcherHTML .= '<li data-page="' . $tPageId . '" ';
+				$switcherHTML .= '<li data-page="' . htmlspecialchars($tPageId) . '" ';
 				if ($tPage['hidden']) {
 					$switcherHTML .= ' style="display:none;"';
 				}
@@ -1352,7 +1352,7 @@ private function getFormHTML($pageId) {
 					$switcherHTML .= $this->getVisibleConditionDataValuesHTML($tPage, $pageId);
 					$extraClasses .= ' visible_on_condition';
 				}
-				$switcherHTML .= 'class="step step_' . ($step++) . ' ' . $extraClasses . '">' . $tPage['name'] . '</li>';
+				$switcherHTML .= 'class="step step_' . (int)($step++) . ' ' . htmlspecialchars($extraClasses) . '">' . htmlspecialchars($tPage['name']) . '</li>';
 			}
 			$switcherHTML .= '</ul></div>';
 			if ($hasPageVisibleOnSwitcher) {
@@ -1362,21 +1362,21 @@ private function getFormHTML($pageId) {
 		
 		//Global errors and messages
 		if (isset($this->errors['global_top'])) {
-			$html .= '<div class="form_error global top">' . static::fPhrase($this->errors['global_top'], [], $t) . '</div>';
+			$html .= '<div class="form_error global top">' . htmlspecialchars(static::fPhrase($this->errors['global_top'], [], $t)) . '</div>';
 		} elseif (isset($this->messages['global_top'])) {
-			$html .= '<div class="success global top">' . static::fPhrase($this->messages['global_top'], [], $t) . '</div>';
+			$html .= '<div class="success global top">' . htmlspecialchars(static::fPhrase($this->messages['global_top'], [], $t)) . '</div>';
 		}
 		
-		$html .= '<div id="' . $this->containerId . '_user_form" class="user_form">';
+		$html .= '<div id="' . htmlspecialchars($this->containerId) . '_user_form" class="user_form">';
 		$html .= $this->openForm($onSubmit = '', $extraAttributes = 'enctype="multipart/form-data"', $action = false, $scrollToTopOfSlot = true);
 		//Hidden input for SIMPLE_ACCESS cookie rediection
 		if ($this->form['simple_access_cookie_override_redirect'] && isset($_REQUEST['rci'])) {
-			$html .= '<input type="hidden" name="rci" value="' . $_REQUEST['rci'] . '"/>';
+			$html .= '<input type="hidden" name="rci" value="' . htmlspecialchars($_REQUEST['rci']) . '"/>';
 		}
 		if ($this->form['partial_completion_get_request']) {
 			$html .= '<input type="hidden" name="' . htmlspecialchars($this->form['partial_completion_get_request']) . '" value="' . (int)($_REQUEST[$this->form['partial_completion_get_request']] ?? false) . '"/>';
 		}
-		$html .= '<input type="hidden" name="formPageHash" value="' . $this->formPageHash . '"/>';
+		$html .= '<input type="hidden" name="formPageHash" value="' . htmlspecialchars($this->formPageHash) . '"/>';
 		//Hidden input to tell whether the form has been submitted
 		$html .= '<input type="hidden" name="reloaded" value="1"/>';
 		//Hidden input to tell whether the form is in fullscreen or not
@@ -1403,7 +1403,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 		$t = $this->form['translate_text'];
 		$isMultiPageForm = count($this->pages) > 1;
 		if ($isMultiPageForm) {
-			$html .= '<fieldset id="' . $this->containerId . '_page_' . $pageId . '" class="page_' . $this->pages[$pageId]['ord'] . '">';
+			$html .= '<fieldset id="' . htmlspecialchars($this->containerId) . '_page_' . htmlspecialchars($pageId) . '" class="page_' . (int)$this->pages[$pageId]['ord'] . '">';
 		}
 		
 		$onLastPage = ($pageId == end($this->pages)['id']);
@@ -1420,7 +1420,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 		$repeatFieldWrapDivOpen = false;
 		
 		if ($this->form['enable_summary_page'] && $onLastPage) {
-			$html .= '<p>' . static::fPhrase("You're nearly done, please check your details before submitting.", [], $t) . '</p>';
+			$html .= '<p>' . htmlspecialchars(static::fPhrase("You're nearly done, please check your details before submitting.", [], $t)) . '</p>';
 			$data = [];
 			foreach ($this->fields as $fieldId => $field) {
 				$data[$fieldId] = $this->getFieldCurrentValue($fieldId);
@@ -1434,12 +1434,12 @@ protected function getFieldsHTML($pageId, $readonly) {
 			
 			if ($this->form['enable_summary_page_required_checkbox']) {
 				if (isset($this->errors['summary_required_checkbox']) && !$this->form['show_errors_below_fields']) {
-					$html .= '<div class="form_error">' . $this->errors['summary_required_checkbox'] . '</div>';
+					$html .= '<div class="form_error">' . htmlspecialchars($this->errors['summary_required_checkbox']) . '</div>';
 				}
 				$html .= '
 					<div class="form_field field_checkbox">
-						<input id="' . $this->containerId . '_summary_required_checkbox" type="checkbox" name="summary_required_checkbox">
-						<label class="field_title" for="' . $this->containerId . '_summary_required_checkbox">' . static::fPhrase($this->form['summary_page_required_checkbox_label'], [], $t) . '</label>
+						<input id="' . htmlspecialchars($this->containerId) . '_summary_required_checkbox" type="checkbox" name="summary_required_checkbox">
+						<label class="field_title" for="' . htmlspecialchars($this->containerId) . '_summary_required_checkbox">' . static::fPhrase($this->form['summary_page_required_checkbox_label'], [], $t) . '</label>
 					</div>';
 				if (isset($this->errors['summary_required_checkbox']) && $this->form['show_errors_below_fields']) {
 					$html .= '<div class="form_error">' . $this->errors['summary_required_checkbox'] . '</div>';
@@ -1451,7 +1451,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 				if ($field['type'] == 'repeat_start') {
 					$html .= $this->getWrapperDivHTML($field, $wrapDivOpen, $currentDivWrapClass);
 					//Repeat start div
-					$html .= '<div id="' . $this->containerId . '_repeat_block_' . $fieldId . '" data-id="' . $fieldId . '" class="repeat_block repeat_block_' . $fieldId;
+					$html .= '<div id="' . htmlspecialchars($this->containerId) . '_repeat_block_' . (int)$fieldId . '" data-id="' . (int)$fieldId . '" class="repeat_block repeat_block_' . (int)$fieldId;
 					if ($field['css_classes']) {
 						$html .= ' ' . htmlspecialchars($field['css_classes']);
 					}
@@ -1466,11 +1466,11 @@ protected function getFieldsHTML($pageId, $readonly) {
 						$html .= $this->getVisibleConditionDataValuesHTML($field, $pageId);
 					}
 					$html .= '>';
-					$html .= '<input type="hidden" name="' . static::getFieldName($fieldId) . '" value="' . implode(',', $field['rows']) . '">';
+					$html .= '<input type="hidden" name="' . htmlspecialchars(static::getFieldName($fieldId)) . '" value="' . htmlspecialchars(implode(',', $field['rows'])) . '">';
 				
 					//Repeat start title
 					if ($field['label']) {
-						$html .= '<div class="field_title">' . static::fPhrase($field['label'], [], $t) . '</div>';
+						$html .= '<div class="field_title">' . htmlspecialchars(static::fPhrase($field['label'], [], $t)) . '</div>';
 					}
 				
 					$html .= '<div class="repeat_rows">';
@@ -1507,7 +1507,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 						}
 						$html .= '</div>';
 						if (!empty($field['repeatBlockDeleteButton'])) {
-							$html .= '<div class="delete" data-row="' . $field['row'] . '">' . static::fPhrase('Delete', [], $t) . '</div>';
+							$html .= '<div class="delete" data-row="' . (int)$field['row'] . '">' . static::fPhrase('Delete', [], $t) . '</div>';
 						}
 						$html .= '</div>';
 					}
@@ -1533,7 +1533,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 		$html .= '</div>';
 		
 		if (isset($this->errors['global_bottom'])) {
-			$html .= '<div class="form_error global bottom">' . static::fPhrase($this->errors['global_bottom'], [], $t) . '</div>';
+			$html .= '<div class="form_error global bottom">' . htmlspecialchars(static::fPhrase($this->errors['global_bottom'], [], $t)) . '</div>';
 		}
 		
 		$html .= '<div class="form_buttons">';
@@ -1545,7 +1545,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 		
 		//Previous page button
 		if ($isMultiPageForm && $this->pages[$pageId]['ord'] > 1) {
-			$html .= '<input type="button" value="' . static::fPhrase($this->pages[$pageId]['previous_button_text'], [], $t) . '" class="previous"/>';
+			$html .= '<input type="button" value="' . htmlspecialchars(static::fPhrase($this->pages[$pageId]['previous_button_text'], [], $t)) . '" class="previous"/>';
 		}
 		
 		$button = $this->getCustomButtons($pageId, $onLastPage, 'center');
@@ -1555,11 +1555,11 @@ protected function getFieldsHTML($pageId, $readonly) {
 		
 		//Next page button
 		if ($isMultiPageForm && !$onLastPage) {
-			$html .= '<input type="button" value="' . static::fPhrase($this->pages[$pageId]['next_button_text'], [], $t) . '" class="next"/>';
+			$html .= '<input type="button" value="' . htmlspecialchars(static::fPhrase($this->pages[$pageId]['next_button_text'], [], $t)) . '" class="next"/>';
 		}
 		//Final submit button
 		if ($this->showSubmitButton() && $onLastPage) {
-			$html .= '<input type="button" class="next submit" value="' . static::fPhrase($this->form['submit_button_text'], [], $t) . '"/>';
+			$html .= '<input type="button" class="next submit" value="' . htmlspecialchars(static::fPhrase($this->form['submit_button_text'], [], $t)) . '"/>';
 		}
 		
 		$button = $this->getCustomButtons($pageId, $onLastPage, 'last');
@@ -1574,7 +1574,7 @@ protected function getFieldsHTML($pageId, $readonly) {
 		$html .= '</div>';
 		
 		if ($isMultiPageForm) {
-			$html .= '<input type="hidden" name="current_page" value="' . $pageId . '"/>';
+			$html .= '<input type="hidden" name="current_page" value="' . htmlspecialchars($pageId) . '"/>';
 			$html .= '</fieldset>';
 		}
 		return $html;
@@ -1584,7 +1584,7 @@ private function getPartialSaveButtonHTML() {
 		$html = '';
 		if ($this->form['allow_partial_completion'] && ($this->form['partial_completion_mode'] == 'button' || $this->form['partial_completion_mode'] == 'auto_and_button')) {
 			$t = $this->form['translate_text'];
-			$html .= '<div class="complete_later"><input type="button" class="saveLater" value="' . static::fPhrase('Save and complete later', [], $t) . '" data-message="' . htmlspecialchars(static::fPhrase('You are about to save this part-completed form, so that you can return to it later. Save now?', [], $t)) . '"/></div>';
+			$html .= '<div class="complete_later"><input type="button" class="saveLater" value="' . htmlspecialchars(static::fPhrase('Save and complete later', [], $t)) . '" data-message="' . htmlspecialchars(static::fPhrase('You are about to save this part-completed form, so that you can return to it later. Save now?', [], $t)) . '"/></div>';
 		}
 		return $html;
 	}
@@ -1619,12 +1619,12 @@ private function getHoneypotHTML() {
 	    $t = $this->form['translate_text'];
 	    $html = '<div class="form_field honeypot" style="display:none;">';
 	    if ($this->form['honeypot_label']) {
-	        $html .= '<div class="field_title">' . static::fPhrase($this->form['honeypot_label'], [], $t) . '</div>';
+	        $html .= '<div class="field_title">' . htmlspecialchars(static::fPhrase($this->form['honeypot_label'], [], $t)) . '</div>';
 	    }
 	    if (isset($this->errors['honeypot'])) {
-	        $html .= '<div class="form_error">' . static::fPhrase($this->errors['honeypot'], [], $t) . '</div>';
+	        $html .= '<div class="form_error">' . htmlspecialchars(static::fPhrase($this->errors['honeypot'], [], $t)) . '</div>';
 	    }
-	    $html .= '<input type="text" name="field_hp" value="' . ($_POST['field_hp'] ?? '') . '" maxlength="100"/>';
+	    $html .= '<input type="text" name="field_hp" value="' . htmlspecialchars($_POST['field_hp'] ?? '') . '" maxlength="100"/>';
 	    $html .= '</div>';
 	    return $html;
 	}
@@ -1675,8 +1675,8 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($hidden) {
 					$html .= ' autocomplete="hidden-field"';
 				}
-				$html .= ' name="' . $fieldName . '" id="' . $fieldElementId . '"/>';
-				$html .= '<label class="field_title" for="' . $fieldElementId . '">' . htmlspecialchars(static::fPhrase($field['label'], [], $t)) . '</label>';
+				$html .= ' name="' . htmlspecialchars($fieldName) . '" id="' . htmlspecialchars($fieldElementId) . '"/>';
+				$html .= '<label class="field_title" for="' . htmlspecialchars($fieldElementId) . '">' . htmlspecialchars(static::fPhrase($field['label'], [], $t)) . '</label>';
 				break;
 			
 			case 'restatement':
@@ -1708,8 +1708,8 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 						}
 					}
 					
-					$html .= '<div id="' . $this->containerId . '_field_' . $fieldId . '_calculation_code" style="display:none;">';
-					$html .= json_encode($calculationCode);
+					$html .= '<div id="' . htmlspecialchars($this->containerId) . '_field_' . htmlspecialchars($fieldId) . '_calculation_code" style="display:none;">';
+					$html .= htmlspecialchars(json_encode($calculationCode));
 					$html .= '</div>';
 				}
 				
@@ -1724,8 +1724,8 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 							$autocompleteFieldLOV[] = $listValue;
 						}
 					
-						$autocompleteHTML .= '<div class="suggested_values_json" data-id="' . $fieldId . '" style="display:none;">';
-						$autocompleteHTML .= json_encode($autocompleteFieldLOV);
+						$autocompleteHTML .= '<div class="suggested_values_json" data-id="' . htmlspecialchars($fieldId) . '" style="display:none;">';
+						$autocompleteHTML .= htmlspecialchars(json_encode($autocompleteFieldLOV));
 						$autocompleteHTML .= '</div>';
 					} elseif ($field['autocomplete'] && $field['values_source']) {
 						$fieldLOV = $this->getFieldCurrentLOV($fieldId);
@@ -1738,7 +1738,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 							$readonly = true;
 						}
 					
-						$autocompleteHTML .= '<div class="autocomplete_json" data-id="' . $fieldId . '" style="display:none;"';
+						$autocompleteHTML .= '<div class="autocomplete_json" data-id="' . htmlspecialchars($fieldId) . '" style="display:none;"';
 						//Add data attribute for JS events if other fields need to update when this field changes
 						if (ze\row::exists(ZENARIO_USER_FORMS_PREFIX . 'user_form_fields', ['filter_on_field' => $fieldId])) {
 							$autocompleteHTML .= ' data-source_field="1"';
@@ -1750,12 +1750,12 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 						}
 					
 						$autocompleteHTML .= '>';
-						$autocompleteHTML .= json_encode($autocompleteFieldLOV);
+						$autocompleteHTML .= htmlspecialchars(json_encode($autocompleteFieldLOV));
 						$autocompleteHTML .= '</div>';
 					
-						$autocompleteHTML .= '<input type="hidden" name="' . $fieldName  . '" ';
+						$autocompleteHTML .= '<input type="hidden" name="' . htmlspecialchars($fieldName)  . '" ';
 						if (isset($fieldLOV[$value])) {
-							$autocompleteHTML .= ' value="' . $value . '"';
+							$autocompleteHTML .= ' value="' . htmlspecialchars($value) . '"';
 							$value = $fieldLOV[$value];
 						} else {
 							$value = '';
@@ -1771,7 +1771,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($field['field_validation'] == 'email') {
 					$fieldInputType = 'email';
 				}
-				$html .= '<input type="' . $fieldInputType . '"';
+				$html .= '<input type="' . htmlspecialchars($fieldInputType) . '"';
 				if ($readonly) {
 					$html .= ' readonly ';
 				}
@@ -1779,12 +1779,12 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$html .= ' autocomplete="hidden-field" ';
 				}
 				if ($useTextFieldName) {
-					$html .= ' name="' . $fieldName . '"';
+					$html .= ' name="' . htmlspecialchars($fieldName) . '"';
 				}
-				$html .= ' id="' . $fieldElementId . '"';
+				$html .= ' id="' . htmlspecialchars($fieldElementId) . '"';
 				//Data vars to help caculated fields
 				if ($field['repeat_start_id']) {
-					$html .= ' data-repeated="1" data-repeated_row="' . $field['row'] . '" data-repeat_id="' . $field['repeat_start_id'] . '"';
+					$html .= ' data-repeated="1" data-repeated_row="' . htmlspecialchars($field['row']) . '" data-repeat_id="' . htmlspecialchars($field['repeat_start_id']) . '"';
 				}
 				if ($value !== false) {
 					$html .= ' value="' . htmlspecialchars($value) . '"';
@@ -1808,7 +1808,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 						$maxlength = 100;
 						break;
 				}	
-				$html .= ' maxlength="' . $maxlength . '" />';
+				$html .= ' maxlength="' . htmlspecialchars($maxlength) . '" />';
 				$html .= $autocompleteHTML;
 				break;
 				
@@ -1833,18 +1833,18 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$html .= ' readonly';
 				}
 				
-				$html .= ' id="' . $fieldElementId . '"/>';
-				$html .= '<input type="hidden" name="' . $fieldName . '" id="' . $fieldElementId . '__0"';
+				$html .= ' id="' . htmlspecialchars($fieldElementId) . '"/>';
+				$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" id="' . htmlspecialchars($fieldElementId) . '__0"';
 				if ($value !== false) {
 					$html .= ' value="' . htmlspecialchars($value) . '"';
 				}
 				$html .= '/>';
-				$html .= '<input type="button" class="clear_date" value="x" id="' . $fieldElementId . '__clear"/>';
+				$html .= '<input type="button" class="clear_date" value="x" id="' . htmlspecialchars($fieldElementId) . '__clear"/>';
 				break;
 				
 			case 'textarea':
 				if ($field['predefined_text_target_id'] && ze::setting('zenario_user_forms_enable_predefined_text')) {
-					$html .= '<input type="button" class="set_predefined_text" value="' . htmlspecialchars($field['predefined_text_button_label']) . '" data-id="' . $fieldId . '"/>';
+					$html .= '<input type="button" class="set_predefined_text" value="' . htmlspecialchars($field['predefined_text_button_label']) . '" data-id="' . htmlspecialchars($fieldId) . '"/>';
 				}
 				$html .= '<textarea rows="4" cols="51"';
 				if ($field['placeholder'] !== '' && $field['placeholder'] !== null) {
@@ -1856,7 +1856,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($hidden) {
 					$html .= ' autocomplete="hidden-field" ';
 				}
-				$html .= ' name="' . $fieldName . '" id="' . $fieldElementId . '">';
+				$html .= ' name="' . htmlspecialchars($fieldName) . '" id="' . htmlspecialchars($fieldElementId) . '">';
 				if ($value !== false) {
 					$html .= htmlspecialchars($value);
 				}
@@ -1864,12 +1864,12 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				break;
 				
 			case 'section_description':
-				$description = static::fPhrase($field['description'], [], $t);
+				$descriptionHTML = static::fPhrase($field['description'], [], $t);
 				//If no tags...
-				if ($description == strip_tags($description)) {
-					$description = nl2br('<p>' . $description . '</p>');
+				if ($descriptionHTML == strip_tags($descriptionHTML)) {
+					$descriptionHTML = nl2br('<p>' . $descriptionHTML . '</p>');
 				}
-				$html .= '<div class="description">' . $description . '</div>';
+				$html .= '<div class="description">' . $descriptionHTML . '</div>';
 				break;
 				
 			case 'radios':
@@ -1881,7 +1881,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$items = count($fieldLOV);
 					$rows = ceil($items/$cols);
 					$currentRow = $currentCol = 1;
-					$html .= ' columns_' . $cols;
+					$html .= ' columns_' . (int)$cols;
 					$keys = array_keys($fieldLOV);
 					$lastValue = end($keys);
 				}
@@ -1900,15 +1900,15 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					if ($hidden) {
 						$valueHTML .= ' autocomplete="hidden-field" ';
 					}
-					$valueHTML .= ' name="'. $fieldName. '" id="' . $radioElementId . '"/>';
-					$valueHTML .= '<label for="' . $radioElementId . '">' . static::fPhrase($label, [], $t) . '</label></div>'; 
+					$valueHTML .= ' name="'. htmlspecialchars($fieldName). '" id="' . htmlspecialchars($radioElementId) . '"/>';
+					$valueHTML .= '<label for="' . htmlspecialchars($radioElementId) . '">' . htmlspecialchars(static::fPhrase($label, [], $t)) . '</label></div>'; 
 					
 					if (($cols > 1) && ($currentRow > $rows)) {
 						$currentRow = 1;
 						$currentCol++;
 					}
 					if (($cols > 1) && ($currentRow == 1)) {
-						$html .= '<div class="col_' . $currentCol . ' column">';
+						$html .= '<div class="col_' . (int)$currentCol . ' column">';
 					}
 					$html .= $valueHTML;
 					if (($cols > 1) && (($currentRow++ == $rows) || ($lastValue == $valueId))) {
@@ -1918,7 +1918,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				$html .= '</div>';
 				
 				if ($readonly && !empty($value)) {
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="'.htmlspecialchars($value).'" />';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="'.htmlspecialchars($value).'" />';
 				}
 				break;
 				
@@ -1940,19 +1940,19 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					if ($hidden) {
 						$html .= ' autocomplete="hidden-field" ';
 					}
-					$html .= ' name="'. $fieldName. '" id="' . $radioElementId . '"/>';
-					$html .= '<label for="' . $radioElementId . '">';
+					$html .= ' name="'. htmlspecialchars($fieldName). '" id="' . htmlspecialchars($radioElementId) . '"/>';
+					$html .= '<label for="' . htmlspecialchars($radioElementId) . '">';
 					//Make sure to use system country phrases if showing a list of countries
 					if ($isCountryList && $t) {
-						$html .= ze\lang::phrase('_COUNTRY_NAME_' . $valueId, [], 'zenario_country_manager');
+						$html .= htmlspecialchars(ze\lang::phrase('_COUNTRY_NAME_' . $valueId, [], 'zenario_country_manager'));
 					} else {
-						$html .= static::fPhrase($label, [], $t);
+						$html .= htmlspecialchars(static::fPhrase($label, [], $t));
 					}
 					$html .= '</label>';
 					$html .= '</div>'; 
 				}
 				if ($readonly && !empty($value)) {
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="'.htmlspecialchars($value).'" />';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="'.htmlspecialchars($value).'" />';
 				}
 				break;
 			
@@ -1965,18 +1965,18 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($hidden) {
 					$html .= ' autocomplete="hidden-field" ';
 				}
-				$html .= ' name="' . $fieldName . '" id="' . $fieldElementId . '">';
-				$html .= '<option value="">' . static::fPhrase('-- Select --', [], $t) . '</option>';
+				$html .= ' name="' . htmlspecialchars($fieldName) . '" id="' . htmlspecialchars($fieldElementId) . '">';
+				$html .= '<option value="">' . htmlspecialchars(static::fPhrase('-- Select --', [], $t)) . '</option>';
 				foreach ($fieldLOV as $valueId => $label) {
 					$html .= '<option value="' . htmlspecialchars($valueId) . '"';
 					if ($valueId == $value) {
 						$html .= ' selected="selected" ';
 					}
-					$html .= '>' . static::fPhrase($label, [], $t) . '</option>';
+					$html .= '>' . htmlspecialchars(static::fPhrase($label, [], $t)) . '</option>';
 				}
 				$html .= '</select>';
 				if ($readonly) {
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($value) . '"/>';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($value) . '"/>';
 				}
 				break;
 				
@@ -1990,13 +1990,13 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($hidden) {
 					$html .= ' autocomplete="hidden-field" ';
 				}
-				$html .= ' name="' . $fieldName . '" id="' . $fieldElementId . '"';
+				$html .= ' name="' . htmlspecialchars($fieldName) . '" id="' . htmlspecialchars($fieldElementId) . '"';
 				//Add class for JS events if other fields need to update when this field changes
 				if (ze\row::exists(ZENARIO_USER_FORMS_PREFIX . 'user_form_fields', ['filter_on_field' => $fieldId])) {
 					$html .= ' class="source_field"';
 				}
 				$html .= '>';
-				$html .= '<option value="">' . static::fPhrase('-- Select --', [], $t) . '</option>';
+				$html .= '<option value="">' . htmlspecialchars(static::fPhrase('-- Select --', [], $t)) . '</option>';
 				foreach ($fieldLOV as $valueId => $label) {
 					$valueId = (string)$valueId;
 					$html .= '<option value="' . htmlspecialchars($valueId) . '"';
@@ -2006,15 +2006,15 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$html .= '>';
 					//Make sure to use system country phrases if showing a list of countries
 					if ($isCountryList && $t) {
-						$html .= ze\lang::phrase('_COUNTRY_NAME_' . $valueId, [], 'zenario_country_manager');
+						$html .= htmlspecialchars(ze\lang::phrase('_COUNTRY_NAME_' . $valueId, [], 'zenario_country_manager'));
 					} else {
-						$html .= static::fPhrase($label, [], $t);
+						$html .= htmlspecialchars(static::fPhrase($label, [], $t));
 					}
 					$html .= '</option>';
 				}
 				$html .= '</select>';
 				if ($readonly) {
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($value) . '"/>';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($value) . '"/>';
 				}
 				break;
 			
@@ -2027,7 +2027,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$items = count($fieldLOV);
 					$rows = ceil($items/$cols);
 					$currentRow = $currentCol = 1;
-					$html .= ' columns_' . $cols;
+					$html .= ' columns_' . (int)$cols;
 					$keys = array_keys($fieldLOV);
 					$lastValue = end($keys);
 				}
@@ -2038,7 +2038,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					$checkboxElementId = $fieldElementId . '_' . $valueId;
 					
 					$selected = $value && in_array($valueId, $value);
-					$checkBoxHtml .= '<div class="field_checkbox ' . ($selected ? 'checked' : '') . '"><input type="checkbox" data-value="' . $valueId . '"';
+					$checkBoxHtml .= '<div class="field_checkbox ' . ($selected ? 'checked' : '') . '"><input type="checkbox" data-value="' . htmlspecialchars($valueId) . '"';
 					if ($selected) {
 						$checkBoxHtml .= ' checked="checked"';
 					}
@@ -2048,12 +2048,12 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 					if ($hidden) {
 						$checkBoxHtml .= ' autocomplete="hidden-field" ';
 					}
-					$checkBoxHtml .= ' name="' . $name . '" id="' . $checkboxElementId . '"/>';
+					$checkBoxHtml .= ' name="' . htmlspecialchars($name) . '" id="' . htmlspecialchars($checkboxElementId) . '"/>';
 					
 					if ($readonly && $selected) {
-						$checkBoxHtml .= '<input type="hidden" name="' . $name . '" value="' . $selected . '" />';
+						$checkBoxHtml .= '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($selected) . '" />';
 					}
-					$checkBoxHtml .= '<label for="' . $checkboxElementId . '">' . static::fPhrase($label, [], $t) . '</label></div>';
+					$checkBoxHtml .= '<label for="' . htmlspecialchars($checkboxElementId) . '">' . htmlspecialchars(static::fPhrase($label, [], $t)) . '</label></div>';
 					
 					
 					if (($cols > 1) && ($currentRow > $rows)) {
@@ -2061,7 +2061,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 						$currentCol++;
 					}
 					if (($cols > 1) && ($currentRow == 1)) {
-						$html .= '<div class="col_' . $currentCol . ' column">';
+						$html .= '<div class="col_' . (int)$currentCol . ' column">';
 					}
 					$html .= $checkBoxHtml;
 					if (($cols > 1) && (($currentRow++ == $rows) || ($lastValue == $valueId))) {
@@ -2075,10 +2075,10 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($value || $readonly) {
 					$filename = basename($value);
 					$html .= '<div class="field_data">' . htmlspecialchars($filename) . '</div>';
-					$html .= '<input type="button" data-id="' . $fieldId . '" value="' . static::fPhrase('Remove', [], $t) . '" class="remove_attachment">';
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($value) . '" />';
+					$html .= '<input type="button" data-id="' . htmlspecialchars($fieldId) . '" value="' . htmlspecialchars(static::fPhrase('Remove', [], $t)) . '" class="remove_attachment">';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($value) . '" />';
 				} else {
-					$html .= '<input type="file" name="' . $fieldName . '"/>';
+					$html .= '<input type="file" name="' . htmlspecialchars($fieldName) . '"/>';
 				}
 				break;
 			
@@ -2086,28 +2086,27 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				if ($readonly) {
 					$json = json_encode($value, JSON_FORCE_OBJECT);
 					$html .= '<div class="files">';
-					$html .= '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($json) . '"/>';
+					$html .= '<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($json) . '"/>';
 					if ($value) {
 						foreach ($value as $fileId => $file) {
 							$html .= '<div class="file_row">';
-							$html .= '<p><a href="' . $file['path'] . '" target="_blank">' . $file['name'] . '</a></p>';
+							$html .= '<p><a href="' . htmlspecialchars($file['path']) . '" target="_blank">' . htmlspecialchars($file['name']) . '</a></p>';
 							$html .= '</div>';
 						}
 					} else {
-						$html .= static::fPhrase('No file found', [], $t);
+						$html .= htmlspecialchars(static::fPhrase('No file found', [], $t));
 					}
 					$html .= '</div>';
 				} else {
 					$json = json_encode($value, JSON_FORCE_OBJECT);
-					$multiple = $field['multiple_select'] ? 'multiple' : '';
 					$html .= '
-						<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($json) . '"/>
+						<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($json) . '"/>
 						<div class="files"></div>
 						<div class="progress" style="display:none;">
 							<div class="progress_bar" style="background:green;height:5px;"></div>
 						</div>
-						<div class="file_upload_button"><span>' . static::fPhrase('Upload file', [], $t) . '</span>
-							<input class="file_picker_field" type="file" name="file_upload[]" ' . $multiple . '>
+						<div class="file_upload_button"><span>' . htmlspecialchars(static::fPhrase('Upload file', [], $t)) . '</span>
+							<input class="file_picker_field" type="file" name="file_upload[]" ' . htmlspecialchars($field['multiple_select'] ? 'multiple' : '') . '>
 						</div>';
 				}
 				break;
@@ -2136,14 +2135,14 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 				$json = json_encode($value, JSON_FORCE_OBJECT);
 				
 				$html .= '
-					<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($json) . '"/>
+					<input type="hidden" name="' . htmlspecialchars($fieldName) . '" value="' . htmlspecialchars($json) . '"/>
 					<div class="files_preview">' . $previewHTML . '</div>
-					<input type="button" class="open_popup_1" value="' . static::fPhrase('Upload', [], $t) . '">
+					<input type="button" class="open_popup_1" value="' . htmlspecialchars(static::fPhrase('Upload', [], $t)) . '">
 					<div class="overlay_1" style="display:none;">
 						<div class="popup_1">
 							<span class="close">×</span>
 							<div class="header">
-								<h3>' . static::fPhrase('Upload files', [], $t) . '</h3>
+								<h3>' . htmlspecialchars(static::fPhrase('Upload files', [], $t)) . '</h3>
 							</div>
 							<div class="content">
 								<div class="files" style="min-height:200px;min-width:500px;border-style:solid;">
@@ -2155,18 +2154,18 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 							</div>
 							<div class="footer">
 								<div class="section_wrap">
-									<label>' . static::fPhrase('Select files to upload', [], $t) . '</label>
+									<label>' . htmlspecialchars(static::fPhrase('Select files to upload', [], $t)) . '</label>
 									<div class="button">
-										<span>' . static::fPhrase('Browse files', [], $t) . '</span>
+										<span>' . htmlspecialchars(static::fPhrase('Browse files', [], $t)) . '</span>
 										<input class="upload_complete_files" type="file" name="file_upload[]" multiple>
 									</div>
 								</div>
 								<div class="section_wrap">
-									<label>' . static::fPhrase('Upload multiple images as a single PDF', [], $t) . '</label>
-									<input type="button" class="open_popup_2" value="' . static::fPhrase('Start...', [], $t) . '">
+									<label>' . htmlspecialchars(static::fPhrase('Upload multiple images as a single PDF', [], $t)) . '</label>
+									<input type="button" class="open_popup_2" value="' . htmlspecialchars(static::fPhrase('Start...', [], $t)) . '">
 								</div>
 								<div class="section_wrap save">
-									<input type="button" class="save" value="' . static::fPhrase('Save', [], $t) . '">
+									<input type="button" class="save" value="' . htmlspecialchars(static::fPhrase('Save', [], $t)) . '">
 								</div>
 							</div>
 						</div>
@@ -2175,10 +2174,10 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 						<div class="popup_2">
 							<span class="close">×</span>
 							<div class="header">
-								<h3>' . static::fPhrase('PDF creator', [], $t) . '</h3>
+								<h3>' . htmlspecialchars(static::fPhrase('PDF creator', [], $t)) . '</h3>
 							</div>
 							
-							<p>' . static::fPhrase('Click the button or drag to upload images. You\'re able to drag to re-order and rotate the images. When you\'re happy, click "combine" to make a PDF.', [], $t) . '</p>
+							<p>' . htmlspecialchars(static::fPhrase('Click the button or drag to upload images. You\'re able to drag to re-order and rotate the images. When you\'re happy, click "combine" to make a PDF.', [], $t)) . '</p>
 							
 							<div class="content">
 								<div class="files" style="min-height:200px;min-width:500px;border-style:solid;">
@@ -2190,18 +2189,18 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 							</div>
 							<div class="footer">
 								<div class="section_wrap">
-									<label>' . static::fPhrase('Upload multiple images', [], $t) . '</label>
+									<label>' . htmlspecialchars(static::fPhrase('Upload multiple images', [], $t)) . '</label>
 									<div class="button">
-										<span>' . static::fPhrase('Browse files', [], $t) . '</span>
+										<span>' . htmlspecialchars(static::fPhrase('Browse files', [], $t)) . '</span>
 										<input class="upload_file_fragments" type="file" name="file_upload[]" multiple accept="image/jpeg,image/gif,image/png">
 									</div>
 								</div>
 								<div class="section_wrap">
-									<label>' . static::fPhrase('Filename', [], $t) . '</label>
-									<input type="text" class="filename" value="' . $fileName . '" ' . $fileNameReadonly . '>.pdf
+									<label>' . htmlspecialchars(static::fPhrase('Filename', [], $t)) . '</label>
+									<input type="text" class="filename" value="' . htmlspecialchars($fileName) . '" ' . htmlspecialchars($fileNameReadonly) . '>.pdf
 								</div>
 								<div class="section_wrap save">
-									<input type="button" class="combine" value="' . static::fPhrase('Combine', [], $t) . '">
+									<input type="button" class="combine" value="' . htmlspecialchars(static::fPhrase('Combine', [], $t)) . '">
 								</div>
 							</div>
 						</div>
@@ -2214,16 +2213,16 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 		}
 		
 		if (!empty($field['note_to_user'])) {
-			$html .= '<div class="note_to_user">'. static::fPhrase($field['note_to_user'], [], $t) .'</div>';
+			$html .= '<div class="note_to_user">'. static::fPhrase($field['note_to_user'], [], $t) .'</div>'; //can be HTML
 		}
 		
 		//Field containing div open
-		$containerHTML = '<div id="' . $this->containerId . '_field_' . $fieldId . '" data-id="' . $fieldId . '" ';
+		$containerHTML = '<div id="' . htmlspecialchars($this->containerId) . '_field_' . htmlspecialchars($fieldId) . '" data-id="' . htmlspecialchars($fieldId) . '" ';
 		if ($field['visibility'] == 'visible_on_condition') {
 			$containerHTML .= $this->getVisibleConditionDataValuesHTML($field, $pageId);
 		}
 		if ($field['type'] == 'restatement') {
-			$containerHTML .= ' data-fieldid="' . $field['restatement_field'] . '"';
+			$containerHTML .= ' data-fieldid="' . htmlspecialchars($field['restatement_field']) . '"';
 		} elseif ($field['type'] == 'calculated') {
 			if ($field['value_prefix']) {
 				$containerHTML .= ' data-prefix="' . htmlspecialchars($field['value_prefix']) . '"';
@@ -2233,7 +2232,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 			}
 		} elseif ($field['type'] == 'document_upload') {
 			if ($field['combined_filename'] && $field['stop_user_editing_filename']) {
-				$containerHTML .= ' data-filename="' . $field['combined_filename'] . '"';
+				$containerHTML .= ' data-filename="' . htmlspecialchars($field['combined_filename']) . '"';
 			}
 		}
 		//Check if field is hidden (ignoring the repeat)
@@ -2242,12 +2241,12 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 		}
 		
 		//Containing div css classes
-		$containerHTML .= ' class="form_field field_' . $field['type'] . ' ' . htmlspecialchars($field['css_classes']);
+		$containerHTML .= ' class="form_field field_' . htmlspecialchars($field['type']) . ' ' . htmlspecialchars($field['css_classes']);
 		if ($field['repeat_start_id']) {
 			$idParts = explode('_', $fieldId);
 			if (count($idParts) == 2) {
 				$parentFieldId = $idParts[0];
-				$containerHTML .= ' field_' . $parentFieldId . '_repeat';
+				$containerHTML .= ' field_' . htmlspecialchars($parentFieldId) . '_repeat';
 			}
 		}
 		if ($readonly) {
@@ -2259,7 +2258,7 @@ private function getFieldHTML($fieldId, $pageId, $readonly) {
 		if (isset($this->errors[$fieldId])) {
 			$containerHTML .= ' has_error';
 		}
-		$containerHTML .= ' ' . $extraClasses;
+		$containerHTML .= ' ' . htmlspecialchars($extraClasses);
 		$containerHTML .= '">';
 		
 		$html = $containerHTML . $html . '</div>';
@@ -3034,7 +3033,7 @@ private function saveForm() {
 		$fieldIdValueLink = [];
 		foreach ($this->fields as $fieldId => $field) {
 			$this->fields[$fieldId]['value'] = $this->getFieldCurrentValue($fieldId);
-			$fieldIdValueLink[$fieldId] = $this->getFieldStorableValue($fieldId);
+			$fieldIdValueLink[$fieldId] = static::getFieldStorableValue($field, $this->fields[$fieldId]['value']);
 			
 			if (!empty($field['is_consent'])) {
 				$consentFields[] = $fieldId;
@@ -3327,12 +3326,12 @@ private function sendUnformattedFormEmail($startLine, $email, $mergeFields = [],
 		$nameFrom = ze::setting('email_name_from');
 		
 		$body =
-			'<p>' . $startLine . '</p>
-			<p>The form "' . $formName . '" was submitted with the following data:</p>';
+			'<p>' . htmlspecialchars($startLine) . '</p>
+			<p>The form "' . htmlspecialchars($formName) . '" was submitted with the following data:</p>';
 		
 		if ($this->form['send_email_to_admin'] && !$this->form['admin_email_use_template']) {
 			if (!empty($mergeFields['breadcrumbs'])) {
-				$body .= '<p>Page submitted from: ' . $mergeFields['breadcrumbs'] . '</p>';
+				$body .= '<p>Page submitted from: ' . htmlspecialchars($mergeFields['breadcrumbs']) . '</p>';
 			}
 		}
 		
@@ -3344,40 +3343,21 @@ private function sendUnformattedFormEmail($startLine, $email, $mergeFields = [],
 				case 'restatement':
 					continue 2;
 			}
-			$display = static::getFieldDisplayValue($field, $field['value']);
-			if ($adminDownloadLinks) {
-				switch ($field['type']) {
-					case 'attachment':
-						if ($field['value']) {
-							$fileId = $this->getFieldStorableValue($fieldId);
-							$display = '<a href="' . ze\link::absolute() . 'zenario/file.php?adminDownload=1&id=' . $fileId . '" target="_blank">' . $display . '</a>';
-						}
-						break;
-					case 'file_picker':
-					case 'document_upload':
-						$display = [];
-						$fileIds = $this->getFieldStorableValue($fieldId);
-						if ($fileIds) {
-							$fileIds = $this->getFieldValueFromStored($field, $fileIds);
-							foreach ($fileIds as $fileId => $file) {
-								$display[] = '<a href="' . ze\link::absolute() . 'zenario/file.php?adminDownload=1&id=' . $fileId . '" target="_blank">' . $file['name'] . '</a>';
-							}
-						}
-						$display = implode(', ', $display);
-						break;
-				}
-			}
-			if ($field['type'] == 'textarea' && $display) {
-				$display = '<br>' . $display;
+			
+			
+			$includeDownloadLinks = $adminDownloadLinks ? 'admin' : false;
+			$displayHTML = static::getFieldDisplayValue($field, $field['value'], $html = true, $includeDownloadLinks);
+			if ($field['type'] == 'textarea' && $displayHTML) {
+				$displayHTML = '<br>' . $displayHTML;
 			}
-			$body .= '<p>' . trim($field['name'], " \t\n\r\0\x0B:") . ': ' . $display . '</p>';
+			$body .= '<p>' . htmlspecialchars(trim($field['name'], " \t\n\r\0\x0B:")) . ': ' . $displayHTML . '</p>';
 		}
 		
 		$url = ze\link::toItem(ze::$cID, ze::$cType, true, '', false, false, true);
 		if (!$url) {
 			$url = ze\link::absolute();
 		}
-		$body .= '<p>This is an auto-generated email from ' . $url . '</p>';
+		$body .= '<p>This is an auto-generated email from ' . htmlspecialchars($url) . '</p>';
 		
 		zenario_email_template_manager::sendEmails($email, $subject, $addressFrom, $nameFrom, $body, [], $attachments, [], 0, false, $replyToEmail, $replyToName);
 	}
@@ -3467,7 +3447,7 @@ private function saveUserLinkedFields($userId, $userData = [], $merge = false) {
 						$canSave = !ze\row::exists('custom_dataset_files_link', ['dataset_id' => $dataset['id'], 'field_id' => $datasetFieldId, 'linking_id' => $userId]);
 					}
 					if ($canSave) {
-						$value = $this->getFieldStorableValue($fieldId);
+						$value = static::getFieldStorableValue($field, $value);
 						$values = static::getFieldValueFromStored($field, $value);
 						$userCustomFilePickerValues[$datasetFieldId] = [];
 						foreach ($values as $fileId => $file) {
@@ -3488,7 +3468,7 @@ private function saveUserLinkedFields($userId, $userData = [], $merge = false) {
 					}
 					
 					if ($field['type'] == 'repeat_start') {
-						$value = $this->getFieldStorableValue($fieldId);
+						$value = static::getFieldStorableValue($field, $value);
 					}
 					
 					if ($field['invert_dataset_result']) {
@@ -3577,7 +3557,7 @@ private function createFormResponse($userId, $rating = 0, $tolerence = 0, $block
 					}
 				}
 			
-				$value = $this->getFieldStorableValue($fieldId);
+				$value = static::getFieldStorableValue($field, $field['value']);
 				ze\row::insert(ZENARIO_USER_FORMS_PREFIX . 'user_response_data', ['user_response_id' => $responseId, 'form_field_id' => $field['id'], 'value' => $value, 'field_row' => $row]);
 			}
 		}
@@ -3624,10 +3604,7 @@ public static function getFieldDisplayValueFromStored($field, $storedValue) {
 	}
 	
 	
-	private function getFieldStorableValue($fieldId) {
-		$field = $this->fields[$fieldId];
-		$value = $this->getFieldCurrentValue($fieldId);
-		
+	public static function getFieldStorableValue($field, $value) {
 		switch ($field['type']) {
 			case 'checkboxes':
 				return $value ? implode(',', $value) : '';
@@ -3688,27 +3665,29 @@ public static function getFieldValueFromStored($field, $value) {
 	// - Loaded (values used in the form module code)
 	// - Display (Presentable format for viewing data)
 	//This function takes loaded data for the $value parameter
-	public static function getFieldDisplayValue($field, $value, $html = false) {
+	public static function getFieldDisplayValue($field, $value, $html = false, $includeDownloadLinks = false) {
+		$display = '';
 		switch ($field['type']) {
 			case 'checkbox':
 			case 'group':
-				return $value ? 'Yes' : 'No';
+				$display = $value ? 'Yes' : 'No';
+				break;
 			case 'radios':
 			case 'select':
-				return $value ? static::getFormFieldValueLabel($field['dataset_field_id'], $value) : '';
+				$display = $value ? static::getFormFieldValueLabel($field['dataset_field_id'], $value) : '';
+				break;
 			case 'checkboxes':
 				if ($value) {
 					$labels = [];
 					foreach ($value as $valueId) {
 						$labels[] = static::getFormFieldValueLabel($field['dataset_field_id'], $valueId);
 					}
-					return implode(', ', $labels);
+					$display = implode(', ', $labels);
 				}
-				return '';
+				break;
 			case 'date':
-				return ze\date::format($value, '_MEDIUM');
-			case 'textarea':
-				return nl2br($value);
+				$display = ze\date::format($value, '_MEDIUM');
+				break;
 			case 'centralised_radios':
 			case 'centralised_select':
 				if ($field['dataset_field_id']) {
@@ -3716,42 +3695,58 @@ public static function getFieldDisplayValue($field, $value, $html = false) {
 				} else {
 					$lov = ze\dataset::centralisedListValues($field['values_source'], $field['values_source_filter']);
 				}
-				return $lov[$value] ?? '';
+				$display = $lov[$value] ?? '';
+				break;
 			case 'attachment':
-				if ($value) {
-					$fileId = ze\file::addToDatabase('forms', CMS_ROOT . $value);
+				if ($value && ($fileId = static::getFieldStorableValue($field, $value))) {
 					$file = ze\row::get('files', ['filename'], $fileId);
 					if ($file) {
-						if ($html) {
-							return '<a target="_blank" href="' . ze\file::link($fileId) . '">' . $file['filename'] . '</a>';
+						if ($html && $includeDownloadLinks == 'visitor') {
+							return '<a href="' . htmlspecialchars(ze\file::link($fileId)) . '" target="_blank">' . htmlspecialchars($file['filename']) . '</a>';
+						} elseif ($html && $includeDownloadLinks == 'admin') {
+							return '<a href="' . htmlspecialchars(ze\link::absolute()) . 'zenario/file.php?adminDownload=1&id=' . (int)$fileId . '" target="_blank">' . htmlspecialchars($file['filename']) . '</a>';
 						} else {
-							return $file['filename'];
+							$display = $file['filename'];
 						}
 					} else {
-						return 'Unknown file';
+						$display = 'Unknown file';
 					}
 				}
-				return '';
+				break;
 			case 'file_picker':
 			case 'document_upload':
-				if ($value) {
+				if ($value && ($fileIds = static::getFieldStorableValue($field, $value))) {
 					$fileList = [];
-					foreach ($value as $fileId => $file) {
-						$fileId = ze\file::addToDatabase('forms', CMS_ROOT . $file['path']);
-						if ($html) {
-							$fileList[] = '<a target="_blank" href="' . ze\file::link($fileId) . '">' . $file['name'] . '</a>';
+					foreach (explode(',', $fileIds) as $fileId) {
+						$file = ze\row::get('files', ['filename'], $fileId);
+						if ($html && $includeDownloadLinks == 'visitor') {
+							$fileList[] = '<a href="' . htmlspecialchars(ze\file::link($fileId)) . '" target="_blank">' . htmlspecialchars($file['filename']) . '</a>';
+						} elseif ($html && $includeDownloadLinks == 'admin') {
+							$fileList[] = '<a href="' . htmlspecialchars(ze\link::absolute()) . 'zenario/file.php?adminDownload=1&id=' . (int)$fileId . '" target="_blank">' . htmlspecialchars($file['filename']) . '</a>';
 						} else {
-							$fileList[] = $file['name'];
+							$fileList[] = $file['filename'];
 						}
 					}
-					return implode(', ', $fileList);
+					$display = implode(', ', $fileList);
+					if ($html) {
+						return $display;
+					}
 				}
-				return '';
+				break;
 			case 'repeat_start':
-				return is_array($value) ? count($value) : 0;
+				$display = is_array($value) ? count($value) : 0;
+				break;
 			default:
-				return $value;
+				$display = $value;
+				break;
+		}
+		if ($html) {
+			$display = htmlspecialchars($display);
+			if ($field['type'] == 'textarea') {
+				$display = nl2br($display);
+			}
 		}
+		return $display;
 	}
 	
 	private function createFormPartialResponse() {
@@ -3782,7 +3777,7 @@ private function createFormPartialResponse() {
 				$rows = $this->fields[$field['repeat_start_id']]['rows'];
 				$row = array_search($field['row'], $rows) + 1;
 			}
-			$value = $this->getFieldStorableValue($fieldId);
+			$value = static::getFieldStorableValue($field, $field['value']);
 			
 			ze\row::insert(ZENARIO_USER_FORMS_PREFIX . 'user_partial_response_data', ['user_partial_response_id' => $responseId, 'form_field_id' => $field['id'], 'value' => $value, 'field_row' => $row]);
 		}
@@ -3871,7 +3866,7 @@ private function getCaptchaHTML() {
 		$t = $this->form['translate_text'];
 		$html = '<div class="form_field captcha">';
 		if (isset($this->errors['captcha']) && !$this->form['show_errors_below_fields']) {
-			$html .= '<div class="form_error">' . static::fPhrase($this->errors['captcha'], [], $t) . '</div>';
+			$html .= '<div class="form_error">' . htmlspecialchars(static::fPhrase($this->errors['captcha'], [], $t)) . '</div>';
 		}
 		if ($this->form['captcha_type'] == 'math') {
 			$html .= $this->mathCaptcha();
@@ -3879,7 +3874,7 @@ private function getCaptchaHTML() {
 			$html .= $this->captcha2();
 		}
 		if (isset($this->errors['captcha']) && $this->form['show_errors_below_fields']) {
-			$html .= '<div class="form_error">' . static::fPhrase($this->errors['captcha'], [], $t) . '</div>';
+			$html .= '<div class="form_error">' . htmlspecialchars(static::fPhrase($this->errors['captcha'], [], $t)) . '</div>';
 		}
 		$html .= '</div>';
 		return $html;
@@ -3893,23 +3888,23 @@ private function getCaptchaHTML() {
 	protected function getWelcomePageHTML() {
 		$t = $this->form['translate_text'];
 		$user = ze\row::get('users', ['first_name', 'last_name'], $this->userId);
-		return '<p class="success">' . static::fPhrase('Welcome, [[first_name]] [[last_name]]', $user, $t) . '</p>';
+		return '<p class="success">' . htmlspecialchars(static::fPhrase('Welcome, [[first_name]] [[last_name]]', $user, $t)) . '</p>';
 	}
 	
 	protected function getSuccessMessageHTML() {
 		$t = $this->form['translate_text'];
 		
 		if ($this->form['type'] == 'registration') {
-			$successMessage = static::fPhrase('Thank you for registering.<br> You have been sent an email with a verification link. You should check your spam/bulk mail if you do not see it soon. Please click the link in the email to verify your account.', [], $t);
+			$successMessageHTML = static::fPhrase('Thank you for registering.<br> You have been sent an email with a verification link. You should check your spam/bulk mail if you do not see it soon. Please click the link in the email to verify your account.', [], $t);
 
 		} elseif ($this->form['success_message']) {
-			$successMessage = nl2br(static::fPhrase($this->form['success_message'], [], $t));
+			$successMessageHTML = nl2br(static::fPhrase($this->form['success_message'], [], $t));
 		} elseif (ze\admin::id()) {
-			$successMessage = ze\admin::phrase('Your success message will go here when you set it.');
+			$successMessageHTML = ze\admin::phrase('Your success message will go here when you set it.');
 		} else {
-			$successMessage = 'Form submission successful!';
+			$successMessageHTML = 'Form submission successful!';
 		}
-		return '<div class="success">' . $successMessage . '</div>';
+		return '<div class="success">' . $successMessageHTML . '</div>';
 	}
 	
 	protected function getModalWindowButtonHTML() {
@@ -3929,8 +3924,8 @@ protected function getPartialSaveResumeFormHTML() {
 		$html  = '<div class="resume_box">';
 		$html .= $this->openForm('if (this.submited && !confirm("' . htmlspecialchars($this->phrase("Are you sure you want to clear all your data?")) . '")) { return false; }');
 		$html .= '<p>' . static::fPhrase($this->form['clear_partial_data_message'], [], $t) . '</p>';
-		$html .= '<input type="submit" onclick="this.form.submited = false" name="resume" value="' . static::fPhrase('Resume', [], $t) . '">';
-		$html .= '<input type="submit" onclick="this.form.submited = true" name="clear" value="' . static::fPhrase('Clear', [], $t) . '">';
+		$html .= '<input type="submit" onclick="this.form.submited = false" name="resume" value="' . htmlspecialchars(static::fPhrase('Resume', [], $t)) . '">';
+		$html .= '<input type="submit" onclick="this.form.submited = true" name="clear" value="' . htmlspecialchars(static::fPhrase('Clear', [], $t)) . '">';
 		$html .= $this->closeForm();
 		$html .= '</div>';
 		return $html;
@@ -3946,7 +3941,7 @@ protected function getVisibleConditionDataValuesHTML($field, $pageId) {
 	protected function getCloseButtonHTML() {
 		$html = '';
 		if ($this->displayMode == 'inline_popup') {
-			$html .= '<div class="close" onclick="zenario_user_forms.toggleForm(\'' . $this->containerId . '\')">Close</div>';
+			$html .= '<div class="close" onclick="zenario_user_forms.toggleForm(\'' . htmlspecialchars($this->containerId) . '\')">Close</div>';
 		}
 		return $html;
 	}
@@ -3988,7 +3983,7 @@ protected function getFormTitle($overwrite = false) {
 		if ($title && !empty($this->form['title_tag'])) {
 			$html = '<' . htmlspecialchars($this->form['title_tag']);
 			if ($this->displayMode == 'inline_popup') {
-				$html .= ' onclick="zenario_user_forms.toggleForm(\'' . $this->containerId . '\')"';
+				$html .= ' onclick="zenario_user_forms.toggleForm(\'' . htmlspecialchars($this->containerId) . '\')"';
 			}
 			$html .= '>';
 			$html .= static::fPhrase($title, [], $t);
@@ -4480,7 +4475,7 @@ protected function getPredefinedTextFormFields($formId, $targets, $triggers, $fi
 				AND uff.id = ' . (int)$fieldId;
 		} elseif ($targets || $triggers) {
 			$sql .= '
-				AND uff.user_form_id = ' . (int)$formId;;
+				AND uff.user_form_id = ' . (int)$formId;
 			if ($targets) {
 				$sql .= '
 					AND (uff.field_type = "textarea" || cdf.type = "textarea")';
@@ -4659,8 +4654,9 @@ public function calculate($input){
             // Calculate the result
             if(preg_match(self::PATTERN, $input, $match)){
                 $result = $this->compute($match[0]);
+            } else {
+            	$result = 0;
             }
-            $result = 0;
         }
         
         restore_error_handler();
diff --git a/zenario/styles/admin_organizer.css b/zenario/styles/admin_organizer.css
index 783ff99bf..79306fdb5 100644
--- a/zenario/styles/admin_organizer.css
+++ b/zenario/styles/admin_organizer.css
@@ -5392,7 +5392,6 @@ table.table-bordered td
 }
 
 .zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video {
-	background: url('../libs/manually_maintained/mit/jssor/images/icon-play-black.png') no-repeat center;
 	border:2px solid #FFF;
 }
 
diff --git a/zenario/styles/admin_organizer.min.css b/zenario/styles/admin_organizer.min.css
index 485e4c3bf..977ee1c78 100644
--- a/zenario/styles/admin_organizer.min.css
+++ b/zenario/styles/admin_organizer.min.css
@@ -500,10 +500,9 @@ table.table-bordered td{padding:4px}.organizer_item_image.zenario_file_item{back
 .zenario_tutorial .main_video{background-color:#000}.zenario_tutorial .other_videos #zenario_tutorial_other_videos .zenario_slideshow_wrapper{margin-top:20px}
 .zenario_tutorial .other_videos #zenario_tutorial_other_videos .no_other_videos{line-height:150px}.zenario_tutorial .other_videos #zenario_tutorial_other_videos .no_other_videos p{font-size:16px;font-weight:700;margin:0;text-align:center}
 .zenario_tutorial .other_videos #zenario_tutorial_other_videos .organizer_slideshow #navigator{position:relative;top:170px;display:none}.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides{left:70px;width:85%;top:20px}
-.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video{background:url('../libs/manually_maintained/mit/jssor/images/icon-play-black.png') no-repeat center;border:2px solid #FFF}
-.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video.selected{border-color:#01d103}.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video.selected .video_title{background:#01d103;text-shadow:1px 1px #333}
-#zenario_tutorial_other_videos div.slides{height:154px !important}.zenario_tutorial .zenario_tutorial_video_banner{height:40px;width:97%;background-color:#333}
-.zenario_tutorial .zenario_tutorial_video_banner h1,.zenario_tutorial .zenario_tutorial_video_banner{color:#fff;font-size:1.2em;font-weight:700;margin:0;padding:0;line-height:40px;text-align:left;padding-left:3%}
+.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video{border:2px solid #FFF}.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video.selected{border-color:#01d103}
+.zenario_tutorial .other_videos #zenario_tutorial_other_videos .slides .video.selected .video_title{background:#01d103;text-shadow:1px 1px #333}#zenario_tutorial_other_videos div.slides{height:154px !important}
+.zenario_tutorial .zenario_tutorial_video_banner{height:40px;width:97%;background-color:#333}.zenario_tutorial .zenario_tutorial_video_banner h1,.zenario_tutorial .zenario_tutorial_video_banner{color:#fff;font-size:1.2em;font-weight:700;margin:0;padding:0;line-height:40px;text-align:left;padding-left:3%}
 .zenario_tutorial_cbox #cboxTitle{display:none !important}.zenario_tutorial_cbox #cboxLoadedContent{margin-bottom:0}.zenario_tutorial_cbox #cboxContent{background:#f4f4f4}
 span.video_title{position:absolute;bottom:0;background:#333;display:block;padding:2px 8px;color:#fff;text-align:center;left:0;right:0}.zenario_tutorial_cbox #cboxClose{position:absolute;top:9px;right:8px;display:block;width:23px;height:23px;text-indent:-9999px}
 #organizer_collectionPanelButtons_no_items ul{padding-left:0}.zenario_show_colobox_above_fab #cboxLoadedContent{padding-bottom:28px}#organizer_colsortfields .zenario_remove_date{background:#333;color:#fff;border:0;cursor:pointer;position:relative;bottom:1px}
diff --git a/zenario/styles/fea/assetwolf_portal_common.css b/zenario/styles/fea/assetwolf_portal_common.css
index d69190904..cff5209b0 100644
--- a/zenario/styles/fea/assetwolf_portal_common.css
+++ b/zenario/styles/fea/assetwolf_portal_common.css
@@ -171,6 +171,12 @@ table.table_list tr th:last-child {
 	width:220px;
 }
 
+.zfea_assetwolf_list_data_pools.aw_list table tr th.sorted_buttons,
+.zfea_assetwolf_list_data_pools.aw_list table tr td.sorted_buttons {
+	width:auto;
+	white-space:nowrap;
+}
+
 .zfea table tr th.sorted_buttons,
 .zfea table tr td.sorted_buttons,
 .zfea_assetwolf_edit_data_pool_type table tr th:last-child,
@@ -205,11 +211,11 @@ table tr td.no_items_message:last-child {
 	margin-right:20px;
 }
 
-/*	Styles for the list schema plugin.
+/*	Number styles
 --------------------------------------------------------------------------------------------------*/
 
-.zfea_assetwolf_list_schemas .col_value_for__usage {
-	/*background: radial-gradient(circle at center, rgba(255,0,0,1) 0%, rgba(255,0,0,1) 50%, rgba(255,255,255,0) 51%, rgba(255,255,255,0) 100%);*/
+.zfea_assetwolf_list_schemas .col_value_for__usage,
+.comms_wrap .comms_number {
 	position:relative;
 	top:-10px;
 	float:right;
@@ -218,14 +224,24 @@ table tr td.no_items_message:last-child {
 	line-height:18px;
 	padding-top:0;
 	font-size:10px;
-	background:red;
+	background:#333;
 	color: white;
+	font-style:italic;
+	font-weight:normal !important;
 	text-align: center;
 	-webkit-border-radius:50%;
 	-moz-border-radius:50%;
 	border-radius:50%;
 }
 
+.comms_wrap .comms_number {
+	top:5px;
+	left:-5px;
+}
+
+/*	Styles for the list schema plugin.
+--------------------------------------------------------------------------------------------------*/
+
 .aw_schema_fields .col_child_value {
 	font-style: normal;
 	font-family: 'Courier New', Courier, 'Lucida Sans Typewriter', 'Lucida Typewriter', monospace;
@@ -295,6 +311,24 @@ table tr td.no_items_message:last-child {
 	background: url('images/pdf.png') no-repeat center center;
 }
 
+/* Assetwolf List data pools
+--------------------------------------------------------------------------------------------------*/
+
+.zfea_assetwolf_list_data_pools .zfea_table_list_wrap .zfea_list_outer_grouping h4 img,
+.zfea_assetwolf_list_data_pools .zfea_table_list_wrap .zfea_list_grouping h5 img {
+	display:inline-block;
+	float:left;
+	margin-right:5px;
+}
+
+.zfea_assetwolf_list_data_pools .zfea_table_list_wrap table tr td div[class*="show_communication_status"] {
+	width:140px;
+}
+
+.zfea_assetwolf_list_data_pools .zfea_table_list_wrap table tr td div[class*="show_communication_status"] .comms_wrap > span {
+	margin-left:0 !important;
+}
+
 /* Assetwolf Edit schema
 --------------------------------------------------------------------------------------------------*/
 
@@ -1080,6 +1114,13 @@ table.mqtt_details tr td,
 	background:url('images/progressbar-circle-on.png') no-repeat center;
 }
 
+/* Commns icons
+--------------------------------------------------------------------------------------------------*/
+
+.comms_wrap {
+	display:inline-block;
+}
+
 .red_comms_icon,
 .orange_comms_icon,
 .green_comms_icon,
@@ -1098,27 +1139,27 @@ table.mqtt_details tr td,
 
 .red_comms_icon,
 .red_comms_list_icon {
-	background: url('images/icon-connection-red.svg') no-repeat center center / 22px;
+	background: url('images/icon-comms-asset-red.svg') no-repeat center center / 18px 20px;
 }
 
 .orange_comms_icon,
 .orange_comms_list_icon {
-	background: url('images/icon-connection-orange.svg') no-repeat center center / 22px;
+	background: url('images/icon-comms-asset-orange.svg') no-repeat center center / 18px 20px;
 }
 
 .green_comms_icon,
 .green_comms_list_icon {
-	background: url('images/icon-connection-green.svg') no-repeat center center / 22px;
+	background: url('images/icon-comms-asset-green.svg') no-repeat center center / 18px 20px;
 }
 
 .not_monitored_comms_icon,
 .grey_comms_list_icon {
-	background: url('images/icon-connection-grey.svg') no-repeat center center / 22px;
+	background: url('images/icon-comms-asset-grey.svg') no-repeat center center / 18px 20px;
 }
 
 .never_communicated_comms_icon,
 .never_comms_list_icon {
-	background: url('images/icon-never-communicated.svg') no-repeat center center / 22px;
+	background: url('images/icon-comms-asset-white.svg') no-repeat center center / 18px 20px;
 }
 
 .red_comms_list_icon,
@@ -3075,6 +3116,31 @@ span.awf_data_out_of_date,
 	background:url('images/icon-warning-triangle-orange.png') no-repeat center / 100%;
 }
 
+.assetwolf_2 .asset_details.information div.metadata {
+	overflow:hidden;
+	padding:5px 0;
+}
+
+.assetwolf_2 .asset_details.information div.metadata p {
+	display:inline-block;
+	float:left;
+	margin-right:5px;
+	padding:2px 8px;
+	background:#333;
+	color:#fff;
+	font-size:13px;
+}
+
+.assetwolf_2 .asset_details.information div.metadata p span:before {
+	font-family: 'FontAwesome';
+	content:"\f00c";
+	padding-right:4px;
+}
+
+.assetwolf_2 .asset_details.information div.metadata p span {
+	font-weight:normal;
+}
+
 /* Progress
 --------------------------------------------------------------------------------------------------*/
 
@@ -3940,16 +4006,6 @@ body.mobile .assetwolf_2_schematics div.schematic_builder .controls .buttons sel
 	color:#fff;
 }
 
-.assetwolf_2_schematics .info .hotspot_popup p[class*="column_field"] .label {
-	position: absolute;
-	top: 50%;
-	transform: translateY(-50%);
-	left:15px;
-	padding-top:0;
-	padding-bottom:0;
-	height:auto;
-}
-
 .assetwolf_2_schematics .info .hotspot_popup.blue_dis_schema p[class*="column_field"] .label,
 .assetwolf_2_schematics .info .hotspot_popup.soap_dis_schema p[class*="column_field"] .label {
 	position:static;
diff --git a/zenario/styles/fea/fea_common.css b/zenario/styles/fea/fea_common.css
index 5e6d67254..fae620b6a 100644
--- a/zenario/styles/fea/fea_common.css
+++ b/zenario/styles/fea/fea_common.css
@@ -1104,6 +1104,24 @@ body.mobile .zfea_blocks .zfea_block_list_wrap .zfea_block {
 	float:left;
 }
 
+.zenario_skin .Tokenize.zenario_reorder_items .TokensContainer .Token {
+	width:calc(100% - 47px);
+}
+
+.zenario_skin .Tokenize.zenario_reorder_items .TokensContainer li.Token {
+	position:relative;
+	padding-right:40px;
+	background-image:url('images/icon-drag-vertical-dark.svg');
+	background-repeat:no-repeat;
+	background-position:right center;
+	background-size:auto 14px;
+}
+
+.zenario_skin .Tokenize.zenario_reorder_items .TokensContainer li.Token a.Close {
+	position:absolute;
+	right:0;
+}
+
 /* Tokenize buttons
 --------------------------------------------------------------------------------------------------*/
 
diff --git a/zenario/styles/fea/images/icon-comms-asset-green.svg b/zenario/styles/fea/images/icon-comms-asset-green.svg
new file mode 100644
index 000000000..8683da4b5
--- /dev/null
+++ b/zenario/styles/fea/images/icon-comms-asset-green.svg
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 17.321 20" style="enable-background:new 0 0 17.321 20;" xml:space="preserve">
+<g id="icon-comms-asset-green">
+	<g>
+		<polygon style="fill:#0CAF18;" points="17.321,15 8.66,20 0,15 0,5 8.66,0 17.321,5 		"/>
+		<g>
+			<polygon style="fill:#FFFFFF;" points="9.839,17.171 7.07,7.684 5.958,11.464 1.63,11.464 1.63,9.841 4.956,9.841 7.106,2.829 
+				10.078,13.088 11.531,9.571 15.69,9.571 15.69,10.923 12.43,10.923 			"/>
+		</g>
+	</g>
+</g>
+<g id="Layer_1">
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-comms-asset-grey.svg b/zenario/styles/fea/images/icon-comms-asset-grey.svg
new file mode 100644
index 000000000..c7bf66cc3
--- /dev/null
+++ b/zenario/styles/fea/images/icon-comms-asset-grey.svg
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 17.321 20" style="enable-background:new 0 0 17.321 20;" xml:space="preserve">
+<g id="icon-comms-asset-grey">
+	<g>
+		<polygon style="fill:#808080;" points="17.321,15 8.66,20 0,15 0,5 8.66,0 17.321,5 		"/>
+		<g>
+			<polygon style="fill:#FFFFFF;" points="9.839,17.171 7.07,7.684 5.958,11.464 1.63,11.464 1.63,9.841 4.956,9.841 7.106,2.829 
+				10.078,13.088 11.531,9.571 15.69,9.571 15.69,10.923 12.43,10.923 			"/>
+		</g>
+	</g>
+</g>
+<g id="Layer_1">
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-comms-asset-orange.svg b/zenario/styles/fea/images/icon-comms-asset-orange.svg
new file mode 100644
index 000000000..cd68b9bd5
--- /dev/null
+++ b/zenario/styles/fea/images/icon-comms-asset-orange.svg
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 17.321 20" style="enable-background:new 0 0 17.321 20;" xml:space="preserve">
+<g id="icon-comms-asset-orange">
+	<g>
+		<polygon style="fill:#FF7900;" points="17.321,15 8.66,20 0,15 0,5 8.66,0 17.321,5 		"/>
+		<g>
+			<polygon style="fill:#FFFFFF;" points="9.395,14.401 9.2,14.459 9.815,16.539 10.718,14.566 10.533,14.482 			"/>
+			<polygon style="fill:#FFFFFF;" points="10.542,11.895 11.12,12.159 11.131,12.164 11.698,12.424 12.025,11.71 10.868,11.181 			
+				"/>
+			<polygon style="fill:#FFFFFF;" points="10.072,12.921 9.878,12.263 9.267,12.443 9.877,12.261 9.877,12.26 9.215,12.459 
+				8.658,12.624 8.929,13.541 9.923,13.247 9.888,13.323 11.045,13.852 11.371,13.138 10.215,12.609 			"/>
+			<polygon style="fill:#FFFFFF;" points="12.44,9.667 11.561,9.667 11.195,10.466 11.969,10.82 12.227,10.938 12.351,10.995 
+				12.378,10.938 12.44,10.938 12.44,10.801 12.511,10.668 12.44,10.518 			"/>
+			<polygon style="fill:#FFFFFF;" points="13.366,9.667 13.367,10.938 14.293,10.938 14.293,9.667 13.367,9.667 			"/>
+			<polygon style="fill:#FFFFFF;" points="15.219,9.667 15.219,9.667 15.219,10.938 15.69,10.938 15.69,9.667 			"/>
+			<polygon style="fill:#FFFFFF;" points="7.283,3.461 5.069,10.008 1.63,10.008 1.63,11.28 6.011,11.28 7.188,7.7 8.225,11.28 
+				9.591,11.28 			"/>
+		</g>
+	</g>
+</g>
+<g id="Layer_1">
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-comms-asset-red.svg b/zenario/styles/fea/images/icon-comms-asset-red.svg
new file mode 100644
index 000000000..90a211bd9
--- /dev/null
+++ b/zenario/styles/fea/images/icon-comms-asset-red.svg
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 17.321 20" style="enable-background:new 0 0 17.321 20;" xml:space="preserve">
+<g id="icon-comms-asset-red">
+	<g>
+		<polygon style="fill:#F90303;" points="17.321,15 8.66,20 0,15 0,5 8.66,0 17.321,5 		"/>
+		<g>
+			<g>
+				<g>
+					<polygon style="fill:#FFFFFF;" points="6.571,9.577 5.365,9.176 5.365,9.175 					"/>
+				</g>
+				<g>
+					<path style="fill:#FFFFFF;" d="M6.571,9.577L5.365,9.175l0.28-0.839l1.206,0.402L6.571,9.577z M7.131,7.9L5.924,7.498l0,0
+						l0.28-0.839L7.41,7.061L7.131,7.9L6.527,7.699L7.131,7.9z M6.494,5.792L6.494,5.792"/>
+				</g>
+				<g>
+					<polyline style="fill:#FFFFFF;" points="6.663,5.88 6.483,5.821 7.272,3.455 7.979,5.846 7.797,5.9 					"/>
+					<path style="fill:#FFFFFF;" d="M7.227,6.069"/>
+				</g>
+				<g>
+					<path style="fill:#FFFFFF;" d="M8.929,13.547L8.658,12.63l0.557-0.165l0.662-0.199l0,0l-0.609,0.183l0.61-0.18l0.271,0.918
+						L8.929,13.547z M8.387,11.712l-0.271-0.918l0.557-0.165l0.661-0.199l0,0l-0.609,0.183l0.61-0.18l0.271,0.918L8.387,11.712z
+						 M8.188,8.778l0.604-0.179l0.271,0.918l-1.22,0.361L7.573,8.959l0.61-0.18 M7.302,8.042L7.03,7.124l1.22-0.361l0.271,0.918
+						L7.302,8.042z"/>
+				</g>
+				<g>
+					<polyline style="fill:#FFFFFF;" points="10.533,14.488 10.718,14.572 9.815,16.545 9.2,14.465 9.395,14.407 					"/>
+					<path style="fill:#FFFFFF;" d="M9.979,14.234"/>
+				</g>
+				<g>
+					<path style="fill:#FFFFFF;" d="M11.045,13.858l-1.156-0.529l0.327-0.714l1.156,0.529L11.045,13.858z M11.12,12.165
+						l-0.578-0.265l0.327-0.714l1.156,0.529l-0.327,0.714l-0.567-0.26"/>
+				</g>
+				<g>
+					<polyline style="fill:#FFFFFF;" points="11.969,10.827 11.195,10.472 11.561,9.673 12.44,9.673 12.44,10.524 12.511,10.674 
+						12.44,10.807 12.44,10.944 12.378,10.944 12.351,11.001 12.227,10.944 					"/>
+				</g>
+				<g>
+					<polygon style="fill:#FFFFFF;" points="13.366,10.944 13.366,9.673 13.366,9.673 					"/>
+				</g>
+				<g>
+					<path style="fill:#FFFFFF;" d="M15.219,10.944l0-1.272h0V10.944z M14.293,10.944h-0.926V9.673h0.926V10.944z"/>
+				</g>
+				<g>
+					<rect x="15.219" y="9.673" style="fill:#FFFFFF;" width="0.471" height="1.272"/>
+				</g>
+			</g>
+			<polygon style="fill:#FFFFFF;" points="1.63,11.286 6.011,11.286 6.34,10.344 5.54,10.014 1.63,10.014 			"/>
+		</g>
+	</g>
+</g>
+<g id="Layer_1">
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-comms-asset-white.svg b/zenario/styles/fea/images/icon-comms-asset-white.svg
new file mode 100644
index 000000000..515876a2d
--- /dev/null
+++ b/zenario/styles/fea/images/icon-comms-asset-white.svg
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 17.321 20" style="enable-background:new 0 0 17.321 20;" xml:space="preserve">
+<g id="icon-comms-asset-white">
+	<g>
+		<g>
+			<polygon style="fill:#FFFFFF;" points="17.184,14.921 8.66,19.842 0.137,14.921 0.137,5.079 8.66,0.158 17.184,5.079 			"/>
+			<path style="fill:#1C1C1C;" d="M8.66,20L0,15V5l8.66-5l8.66,5v10l-0.068,0.039L8.66,20z M0.273,14.842l8.387,4.842l8.387-4.842
+				V5.158L8.66,0.315L0.273,5.158V14.842z"/>
+		</g>
+		<g>
+			<g>
+				<rect x="1.741" y="9.841" style="fill:#1C1C1C;" width="1.405" height="1.649"/>
+			</g>
+			<g>
+				<rect x="4.367" y="9.841" style="fill:#1C1C1C;" width="1.405" height="1.649"/>
+			</g>
+		</g>
+	</g>
+</g>
+<g id="Layer_1">
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-connection-green.svg b/zenario/styles/fea/images/icon-connection-green.svg
deleted file mode 100644
index 2bf987eee..000000000
--- a/zenario/styles/fea/images/icon-connection-green.svg
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">
-<g>
-	<g>
-		<circle style="fill:#0CAF18;" cx="12" cy="12" r="12"/>
-	</g>
-	<g>
-		<polygon style="fill:#FFFFFF;" points="13.49,21.069 10.053,9.13 8.673,13.661 3.46,13.661 3.46,11.981 7.428,11.981 
-			10.098,3.216 13.788,16.03 15.592,11.741 20.74,11.741 20.74,13.421 16.708,13.421 		"/>
-	</g>
-</g>
-</svg>
diff --git a/zenario/styles/fea/images/icon-connection-grey.svg b/zenario/styles/fea/images/icon-connection-grey.svg
deleted file mode 100644
index fe181fa3d..000000000
--- a/zenario/styles/fea/images/icon-connection-grey.svg
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">
-<g>
-	<g>
-		<circle style="fill:#808080;" cx="12" cy="12" r="12"/>
-	</g>
-	<g>
-		<polygon style="fill:#FFFFFF;" points="13.49,21.069 10.053,9.13 8.673,13.661 3.46,13.661 3.46,11.981 7.428,11.981 
-			10.098,3.216 13.788,16.03 15.592,11.741 20.74,11.741 20.74,13.421 16.708,13.421 		"/>
-	</g>
-</g>
-</svg>
diff --git a/zenario/styles/fea/images/icon-connection-orange.svg b/zenario/styles/fea/images/icon-connection-orange.svg
deleted file mode 100644
index 72718af83..000000000
--- a/zenario/styles/fea/images/icon-connection-orange.svg
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">
-<g>
-	<g>
-		<circle style="fill:#FF7900;" cx="12" cy="12" r="12"/>
-	</g>
-	<g>
-		<polygon style="fill:#FFFFFF;" points="13.49,21.069 10.053,9.13 8.673,13.661 3.46,13.661 3.46,11.981 7.428,11.981 
-			10.098,3.216 13.788,16.03 15.592,11.741 20.74,11.741 20.74,13.421 16.708,13.421 		"/>
-	</g>
-</g>
-</svg>
diff --git a/zenario/styles/fea/images/icon-connection-red.svg b/zenario/styles/fea/images/icon-connection-red.svg
deleted file mode 100644
index b914c42c9..000000000
--- a/zenario/styles/fea/images/icon-connection-red.svg
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">
-<g>
-	<g>
-		<circle style="fill:#D10505;" cx="12" cy="12" r="12"/>
-	</g>
-	<g>
-		<polygon style="fill:#FFFFFF;" points="13.49,21.069 10.053,9.13 8.673,13.661 3.46,13.661 3.46,11.981 7.428,11.981 
-			10.098,3.216 13.788,16.03 15.592,11.741 20.74,11.741 20.74,13.421 16.708,13.421 		"/>
-	</g>
-</g>
-</svg>
diff --git a/zenario/styles/fea/images/icon-drag-vertical-dark.svg b/zenario/styles/fea/images/icon-drag-vertical-dark.svg
new file mode 100644
index 000000000..9f146ed9e
--- /dev/null
+++ b/zenario/styles/fea/images/icon-drag-vertical-dark.svg
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 46 16" style="enable-background:new 0 0 46 16;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#333333;}
+</style>
+<g id="New_Symbol_231">
+	<polygon class="st0" points="8,0 5,4 7,4 7,7 0,7 0,9 7,9 7,12 5,12 8,16 11,12 9,12 9,9 16,9 16,7 9,7 9,4 11,4 	"/>
+</g>
+</svg>
diff --git a/zenario/styles/fea/images/icon-never-communicated.svg b/zenario/styles/fea/images/icon-never-communicated.svg
deleted file mode 100644
index 0e5444c9e..000000000
--- a/zenario/styles/fea/images/icon-never-communicated.svg
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 21.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#FFFFFF;}
-	.st1{fill:#1C1C1C;}
-</style>
-<g>
-	<g>
-		<circle class="st0" cx="12" cy="12" r="11.8"/>
-		<path class="st1" d="M12,24C5.4,24,0,18.6,0,12C0,5.4,5.4,0,12,0c6.6,0,12,5.4,12,12C24,18.6,18.6,24,12,24z M12,0.5
-			C5.6,0.5,0.5,5.6,0.5,12S5.6,23.5,12,23.5c6.4,0,11.5-5.2,11.5-11.5S18.4,0.5,12,0.5z"/>
-	</g>
-	<g>
-		<polygon class="st1" points="13.5,20.9 10.1,9.2 8.7,13.6 3.6,13.6 3.6,12 7.5,12 10.1,3.4 13.8,16 15.5,11.7 20.6,11.7 
-			20.6,13.4 16.6,13.4 		"/>
-	</g>
-</g>
-</svg>