diff --git a/content/templates/blog-by-id.html b/content/templates/blog-by-id.html
index 1de1257..9d6ebcf 100644
--- a/content/templates/blog-by-id.html
+++ b/content/templates/blog-by-id.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta property="og:title" content=" {{ post.title }} | {{ username }}' blog" />
-    <meta property="og:description" content="{{ post.body }}" />
+    <meta property="og:description" content="{{ post.body | safe | striptags }}" />
     <meta property="og:image" content="/static/site-image.png" />
 
     <title> {{ post.title }} | {{ username }}' blog </title>
diff --git a/site/Cargo.lock b/site/Cargo.lock
index 19e7678..53dde99 100644
--- a/site/Cargo.lock
+++ b/site/Cargo.lock
@@ -561,7 +561,7 @@ checksum = "8aebca1129a03dc6dc2b127edd729435bbc4a37e1d5f4d7513165089ceb02634"
 
 [[package]]
 name = "crablog"
-version = "0.1.0"
+version = "0.2.0"
 dependencies = [
  "actix-files",
  "actix-web",
diff --git a/site/src/api.rs b/site/src/api.rs
index db074a4..cb03b02 100644
--- a/site/src/api.rs
+++ b/site/src/api.rs
@@ -36,7 +36,7 @@ async fn blog_edit_post(
     form: Form<NewPostForm>,
 ) -> impl Responder {
     let (valid, id) = id_valid(post_id);
-    if valid && *CONFIG_MAP.read().unwrap().get("AUTH_TOKEN").unwrap() == form.token {
+    if valid && *CONFIG_MAP.read().unwrap().get("SUBMIT_TOKEN").unwrap() == form.token {
         edit_post_by_id(
             id as i32,
             &form.title.as_str(),
@@ -59,7 +59,7 @@ async fn blog_delete_post(
     form: Form<BlogActionForm>,
 ) -> impl Responder {
     let (valid, id) = id_valid(post_id);
-    if valid && *CONFIG_MAP.read().unwrap().get("AUTH_TOKEN").unwrap() == form.token {
+    if valid && *CONFIG_MAP.read().unwrap().get("SUBMIT_TOKEN").unwrap() == form.token {
         println!("Deleted post: {}", id);
         delete_post_by_id(id as i32);
     } else {
@@ -78,7 +78,7 @@ async fn blog_hide_post(
     form: Form<BlogActionForm>,
 ) -> impl Responder {
     let (valid, id) = id_valid(post_id);
-    if valid && *CONFIG_MAP.read().unwrap().get("AUTH_TOKEN").unwrap() == form.token {
+    if valid && *CONFIG_MAP.read().unwrap().get("SUBMIT_TOKEN").unwrap() == form.token {
         println!("Hid post: {}", id);
         hide_post_by_id(id as i32);
     } else {
diff --git a/site/src/main.rs b/site/src/main.rs
index 9e13e06..46357b4 100644
--- a/site/src/main.rs
+++ b/site/src/main.rs
@@ -29,8 +29,8 @@ async fn main() -> std::io::Result<()> {
 
     HttpServer::new(|| {
 
-        let tera =
-            Tera::new(format!("{}{}", CONFIG_MAP.read().unwrap().get("ROOT_PATH").unwrap(), "/templates/*").as_str()).unwrap();
+        let mut tera = Tera::new(format!("{}{}", CONFIG_MAP.read().unwrap().get("ROOT_PATH").unwrap(), "/templates/*").as_str()).unwrap();
+        tera.autoescape_on(vec![".sql"]);
 
         App::new()
             .data(tera)