diff --git a/.gitignore b/.gitignore
index bd0238f8c50042634fea25e059a2de0fa655ab4e..2fd3cc3c20444edc83bd1d409e04b6f4d106476a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -139,4 +139,6 @@ cython_debug/
 
 package-lock.json
 
-TODO.txt
\ No newline at end of file
+TODO.txt
+
+config.py
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cba620d1c86c575fca24e4ea5099e622e3d1b6da..b3cae7fd8d272f9510013ddc9b9ea4ed6c7384a4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -95,6 +95,8 @@ staging:
     name: staging
   image: google/cloud-sdk:alpine
   script:
+  - echo $CONFIG_VARS
+  - cp $CONFIG_VARS ${CI_PROJECT_DIR}/config/config.py
   - echo $SERVICE_ACCOUNT > /tmp/$CI_PIPELINE_ID.json
   - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
   - gcloud --quiet --project $PROJECT_ID app deploy app-staging.yaml
@@ -111,6 +113,8 @@ deploy:
     name: production
   image: google/cloud-sdk:alpine
   script:
+  - echo $CONFIG_VARS
+  - cp $CONFIG_VARS ${CI_PROJECT_DIR}/config/config.py
   - echo $SERVICE_ACCOUNT > /tmp/$CI_PIPELINE_ID.json
   - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
   - gcloud --quiet --project $PROJECT_ID app deploy app.yaml
diff --git a/api/services/datastore.py b/api/services/datastore.py
index 81255886ec5e29a92d2aa584bbc1889cc37a1de5..3dcca028a3ed6d87075bfd24bacea4034540f154 100644
--- a/api/services/datastore.py
+++ b/api/services/datastore.py
@@ -1,7 +1,7 @@
 from flask.globals import request
 from flask.helpers import make_response
 from google.cloud import datastore
-from flask import jsonify
+from flask import jsonify, Markup
 import os
 import time
 import logging
@@ -14,7 +14,8 @@ def store_location(data):
     
     # Try validating the entity
     try:
-        validate(data)
+        sanitated_data = _sanitate_data(data)
+        validate(sanitated_data)
     except ValidationError:
         raise
 
@@ -31,13 +32,13 @@ def store_location(data):
 
     #Update hive data to entity
     datastore_entity.update({
-        'name': data["name"],
+        'name': sanitated_data["name"],
         'timestamp': timestamp,
-        'lat': data["lat"],
-        'lng': data["lng"],
-        'person': data["person"],
-        'keeper': data["keeper"],
-        'email': data["email"]
+        'lat': sanitated_data["lat"],
+        'lng': sanitated_data["lng"],
+        'person': sanitated_data["person"],
+        'keeper': sanitated_data["keeper"],
+        'email': sanitated_data["email"]
     })
 
     #Store the info to datastore
@@ -119,6 +120,15 @@ def edit_location(data):
     return entity
 
 
+def _sanitate_data(data: dict):
+    data_cp = data.copy()
+
+    for key, value in data_cp.items():
+        if type(value) is str:
+            data_cp[key] = Markup.striptags(value)
+
+    return data_cp
+
 
 def _get_datastore_client(default_namespace: bool = False):
     """Instantiates a new datastore client. The client's namespace is set to match the value
@@ -132,8 +142,11 @@ def _get_datastore_client(default_namespace: bool = False):
     if os.getenv('GAE_ENV', '').startswith('standard'):
         if default_namespace:
             client = datastore.Client(namespace=None)
+            logging.info(f"Instantiating datastore client with default namespace")
         else:
-            datastore.Client(namespace=os.getenv('GAE_SERVICE'))
+            namespace=os.getenv('GAE_SERVICE')
+            datastore.Client(namespace=namespace)
+            logging.info(f"Instantiating datastore client with namespace: {namespace}")
     else:
         # If running on local machine or testing environment
         os.environ["DATASTORE_PROJECT_ID"] = "emulated-project"
diff --git a/config/default-config.py b/config/default-config.py
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/static/map.js b/static/map.js
index 30083136b1971fb78cbebbcb1f3edfd743f593c0..3c46eca91e973f4b7d9281809b991a9a74b693bb 100644
--- a/static/map.js
+++ b/static/map.js
@@ -144,21 +144,21 @@ async function submitSuggestion(name, person, keeper, email) {
     const popup = selectionMarker.getPopup()
 
     try {
-        popup.setContent("Saving the suggested place...")
+        popup.setContent(updatePopupContent("Saving the suggested place..."))
         const response_json = await saveLocation(data)
         const suggestion = response_json
         const addedMarker = saveSuggestion(lat, lng, suggestion)
 
-        popup.setContent("Suggestion saved succesfully!");
+        popup.setContent(updatePopupContent("Suggestion saved succesfully!"))
         addedMarker.bindPopup(popup).openPopup();
 
         setTimeout(() => {
             addedMarker.closePopup()
-            popup.setContent(suggestion.name)
+            popup.setContent(updatePopupContent(suggestion.name))
         }, 3000)
         
     } catch (error) {
-        popup.setContent("Error, please try again!")
+        popup.setContent(updatePopupContent("Error, please try again!"))
         console.log(error)
     }
 }
@@ -211,7 +211,7 @@ async function initializeMarkers() {
             const lat = suggestion.lat
             const lng = suggestion.lng
             const marker = addMarker(lat, lng)
-            const popup = L.popup().setContent(suggestion.name)
+            const popup = L.popup().setContent(updatePopupContent(suggestion.name))
             marker.bindPopup(popup)
         });
     } catch (e) {